Alerts This Week
Warning Icon 1 758
Alerts This Week
Warning Icon 1 758

Ubuntu 14.04 ESM USN-4931-1 Critical: Samba DoS and Access Issues

ubuntu
Calendar Grey May 3, 2021
Dist Ubuntu Esm H88
Multiple Samba vulnerabilities patched in Ubuntu 14.04 ESM, focusing on access control and mitigating possible DoS threats.
Several security issues were fixed in Samba.

Summary

Several security issues were fixed in Samba.

Software Description:

- samba: SMB/CIFS file, print, and login server for Unix

Details:

Steven French discovered that Samba incorrectly handled ChangeNotify

permissions. A remote attacker could possibly use this issue to obtain file

name information. (CVE-2020-14318)

Bas Alberts discovered that Samba incorrectly handled certain winbind

requests. A remote attacker could possibly use this issue to cause winbind

to crash, resulting in a denial of service. (CVE-2020-14323)

Francis Brosnan Blázquez discovered that Samba incorrectly handled certain

invalid DNS records. A remote attacker could possibly use this issue to

cause the DNS server to crash, resulting in a denial of service.

(CVE-2020-14383)

Peter Eriksson discovered that Samba incorrectly handled certain negative

idmap cache entries. This issue could result in certain users gaining

unauthorized access to files, contrary to expected behaviour.

(CVE-2021-2...

Read the Full Advisory

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 14.04 ESM:
  samba                           2:4.3.11+dfsg-0ubuntu0.14.04.20+esm11

In general, a standard system update will make all the necessary changes.

References

  https://ubuntu.com/security/notices/USN-4931-1

  CVE-2020-14318, CVE-2020-14323, CVE-2020-14383, CVE-2021-20254

Severity
critical
Lowest
Low
Medium
High
Critical

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here