PT-2021-5387 · Samba+5 · Samba+5

Huzaifa S. Sidhpurwala

·

Published

2021-11-09

·

Updated

2024-06-15

·

CVE-2021-3738

CVSS v3.1

8.8

High

VectorAV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions Samba (affected versions not specified)
Description The issue is related to the use of 'association groups' in DCE/RPC, which allows sharing handles between multiple connections. These handles can reference connections to the sam.ldb database. However, when one connection within the association group ends, the database is left pointing at an invalid 'struct session info', potentially leading to a crash. It is also possible that this use-after-free condition could allow different user state to be pointed at, potentially enabling more privileged access. The vulnerability is associated with a use-after-free condition in the Samba AD DC RPC server software, which could be exploited by a remote attacker to cause a denial of service or elevate privileges.
Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Use After Free

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-416

Related Identifiers

ALT-PU-2021-3247
ALT-PU-2021-3296
ALT-PU-2021-3339
ALT-PU-2021-3470
AZL-37005
AZL-8905
BDU:2021-06224
CVE-2021-3738
DSA-5003-1
ECHO-B5D2-47BE-37F6
MGASA-2021-0585
OESA-2021-1461
OPENSUSE-SU-2021:3647-1
OPENSUSE-SU-2021_3647-1
OPENSUSE-SU-2024:11631-1
SUSE-SU-2021:3647-1
SUSE-SU-2022:0361-1
USN-5142-1
USN-5142-2
USN-5142-3

Affected Products

Alt Linux
Astra Linux
Linuxmint
Samba
Suse
Ubuntu