Bug 1941402 (CVE-2021-20277)
Field | Value
---|---
Summary | CVE-2021-20277 samba: Out of bounds read in AD DC LDAP server
Product | [Other] Security Response
Reporter | Huzaifa S. Sidhpurwala <huzaifas>
Component | vulnerability
Assignee | Red Hat Product Security <security-response-team>
Status | CLOSED ERRATA
Severity | high
Priority | high
Version | unspecified
CC | abokovoy, asn, ekeck, gdeschner, hvyas, iboukris, jhrozek, lslebodn, puebele, rhs-smb, security-response-team, sgallagh, ssorce, yozone
Keywords | Security
Hardware | All
OS | Linux
Fixed In Version | samba 4.14.1, samba 4.13.6, samba 4.12.13
Doc Type | If docs needed, set a value
Doc Text | A flaw was found in Samba's libldb. Multiple, consecutive leading spaces in an LDAP attribute can lead to an out-of-bounds memory write, leading to a crash of the LDAP server process handling the request. The highest threat from this vulnerability is to system availability.
Last Closed | 2021-04-06 17:36:02 UTC
Bug Depends On | 1941511, 1941512, 1941513, 1941514, 1941515, 1941516, 1941517, 1942497, 1943149, 1962752, 1962753
Bug Blocks | 1941401, 1942875
Description

Huzaifa S. Sidhpurwala, 2021-03-22 05:18:09 UTC

Acknowledgments: Name: the Samba Project Upstream: Douglas Bagnall (Catalyst and the Samba Team)

Created libldb tracking bugs for this issue: Affects: fedora-all [bug 1942497]

External References: https://www.samba.org/samba/security/CVE-2021-20277.html

Red Hat Gluster Storage 3 uses built-in version of ldb library in Samba:

```
$ cat samba.spec
[...]
# RHGS always builds with a private copy of ldb
%global with_internal_ldb 1
[...]
%if ! %with_internal_ldb
%global libldb_version 2.0.8
BuildRequires: libldb-devel >= %{libldb_version}
BuildRequires: python3-ldb-devel >= %{libldb_version}
%endif
[...]
```

Statement: The version of Samba shipped with Red Hat Gluster Storage (RHGS) 3 is built with a private copy of ldb (LDAP-like embedded database) library which includes the vulnerable code. However, Samba shipped with RHGS 3 is not supported for use as an Active Directory Domain Controller and hence the impact has been lowered.

This issue has been addressed in the following products:
Red Hat Enterprise Linux 7
Via RHSA-2021:1072 https://access.redhat.com/errata/RHSA-2021:1072

This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2021-20277

This issue has been addressed in the following products:
Red Hat Enterprise Linux 8
Via RHSA-2021:1197 https://access.redhat.com/errata/RHSA-2021:1197

This issue has been addressed in the following products:
Red Hat Enterprise Linux 8.1 Extended Update Support
Via RHSA-2021:1214 https://access.redhat.com/errata/RHSA-2021:1214

This issue has been addressed in the following products:
Red Hat Enterprise Linux 8.2 Extended Update Support
Via RHSA-2021:1213 https://access.redhat.com/errata/RHSA-2021:1213

This issue has been addressed in the following products:
Red Hat Enterprise Linux 7.7 Extended Update Support
Via RHSA-2021:2331 https://access.redhat.com/errata/RHSA-2021:2331

This issue has been addressed in the following products:
Red Hat Enterprise Linux 7.6 Advanced Update Support
Red Hat Enterprise Linux 7.6 Update Services for SAP Solutions
Red Hat Enterprise Linux 7.6 Telco Extended Update Support
Via RHSA-2021:2786 https://access.redhat.com/errata/RHSA-2021:2786