PT-2021-7333 · Samba+9 · Samba+9

Stefan Metzmacher

Published

2021-10-19

Updated

2024-06-15

CVE-2021-23192

CVSS v3.1

8.1

High

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Name of the Vulnerable Software and Affected Versions Samba (affected versions not specified)

Description A flaw was found in the way Samba implements DCE/RPC. If a client to a Samba server sent a very large DCE/RPC request and chose to fragment it, an attacker could replace later fragments with their own data, bypassing the signature requirements. This could allow a remote attacker to impact data integrity.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

DoS

Special Elements Injection

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-74CWE-20

Related Identifiers

ALSA-2021:5082

ALT-PU-2021-3247

ALT-PU-2021-3296

ALT-PU-2021-3339

ALT-PU-2021-3470

AZL-37002

AZL-8903

BDU:2022-05707

CESA-2021_5082

CVE-2021-23192

DSA-5003-1

ECHO-86FA-32F7-5AB6

MGASA-2021-0585

OPENSUSE-SU-2021:1471-1

OPENSUSE-SU-2021:3647-1

OPENSUSE-SU-2021:3650-1

OPENSUSE-SU-2021_1471-1

OPENSUSE-SU-2021_3647-1

OPENSUSE-SU-2021_3650-1

OPENSUSE-SU-2024:11631-1

RHSA-2021:4843

RHSA-2021:5082

RHSA-2021_5082

RHSA-2022:0008

RLSA-2021:5082

SUSE-SU-2021:3647-1

SUSE-SU-2021:3649-1

SUSE-SU-2021:3650-1

SUSE-SU-2022:0361-1

USN-5142-1

USN-5142-2

USN-5142-3

Affected Products

Alt Linux

Almalinux

Astra Linux

Centos

Linuxmint

Red Hat

Rocky Linux

Samba

Suse

Ubuntu

PT-2021-7333 · Samba+9 · Samba+9

CVE-2021-23192

Weakness Enumeration

Related Identifiers

Affected Products

References · 98