Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
7.5
CVSSv3

CVE-2021-23192

Published: 02/03/2022 Updated: 17/09/2023
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 445
Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N
Subscribe to Samba

Vulnerability Summary

A flaw was found in the way samba implemented DCE/RPC. If a client to a Samba server sent a very large DCE/RPC request, and chose to fragment it, an attacker could replace later fragments with their own data, bypassing the signature requirements.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

samba samba

Vendor Advisories

Debian Security Advisories: DSA-5003-1 samba -- security update
Several vulnerabilities have been discovered in Samba, a SMB/CIFS file, print, and login server for Unix CVE-2016-2124 Stefan Metzmacher reported that SMB1 client connections can be downgraded to plaintext authentication CVE-2020-25717 Andrew Bartlett reported that Samba may map domain users to local users in an undesired way, al ...
Red Hat: CVE-2021-23192
A flaw was found in the way samba implemented DCE/RPC If a client to a Samba server sent a very large DCE/RPC request, and chose to fragment it, an attacker could replace later fragments with their own data, bypassing the signature requirements ...
Arch Linux Issues:
A security issue has been found in Samba versions 4100 to 4151 If a client to a Samba server sent a very large DCE/RPC request, and chose to fragment it, an attacker could replace later fragments with their own data, bypassing the signature requirements ...
Amazon Linux 2022: ALAS2022-2022-022
A flaw was found in the way samba implemented SMB1 authentication An attacker could use this flaw to retrieve the plaintext password sent over the wire even if Kerberos authentication was required (CVE-2016-2124) A flaw was found in the way Samba maps domain users to local users An authenticated attacker could use this flaw to cause possible pri ...
Amazon Linux 2022: ALAS-2022-224
ALAS-2022-224 Amazon Linux 2022 Security Advisory: ALAS-2022-224 Advisory Release Date: 2022-12-06 16:42 Pacific ...

Mailing Lists

Full Disclosure: Fwd: Samba 4.15.2, 4.14.10, 4.13.14 Security Releases are available for Download
<!--X-Body-Begin--> <!--X-User-Header--> oss-sec mailing list archives <!--X-User-Header-End--> <!--X-TopPNI--> By Date By Thread </form> <!--X-TopPNI-End--> <!--X-MsgBody--> <!--X-Subject-Header-Begin--> Fwd: Samba 4152, 41410, 41314 Security Releases are available for Download <!--X-Subject-Header-End--> <!--X-Head-of-Mes ...

References

NVD-CWE-noinfohttps://ubuntu.com/security/CVE-2021-23192https://bugzilla.redhat.com/show_bug.cgi?id=2019666https://www.samba.org/samba/security/CVE-2021-23192.htmlhttps://security.gentoo.org/glsa/202309-06https://nvd.nist.govhttps://www.debian.org/security/2021/dsa-5003
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-38002CVE-2006-4304CVE-2024-4336CVE-2024-33437CVE-2024-4340CVE-2024-27956privilegeinsecure direct object referenceXSSitem search icon">CVE-2024-25938
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook