Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
8.8
CVSSv3

CVE-2021-3738

Published: 02/03/2022 Updated: 17/09/2023
CVSS v2 Base Score: 6.5 | Impact Score: 6.4 | Exploitability Score: 8
CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8
VMScore: 578
Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P
Subscribe to Samba

Vulnerability Summary

In DCE/RPC it is possible to share the handles (cookies for resource state) between multiple connections via a mechanism called 'association groups'. These handles can reference connections to our sam.ldb database. However while the database was correctly shared, the user credentials state was only pointed at, and when one connection within that association group ended, the database would be left pointing at an invalid 'struct session_info'. The most likely outcome here is a crash, but it is possible that the use-after-free could instead allow different user state to be pointed at and this might allow more privileged access.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

samba samba

Vendor Advisories

Debian Security Advisories: DSA-5003-1 samba -- security update
Several vulnerabilities have been discovered in Samba, a SMB/CIFS file, print, and login server for Unix CVE-2016-2124 Stefan Metzmacher reported that SMB1 client connections can be downgraded to plaintext authentication CVE-2020-25717 Andrew Bartlett reported that Samba may map domain users to local users in an undesired way, al ...
Arch Linux Issues:
A security issue has been found in Samba versions 400 to 4151 The AD DC RPC server can use memory that was free()ed when a sub-connection is closed ...
Amazon Linux 2022: ALAS2022-2022-022
A flaw was found in the way samba implemented SMB1 authentication An attacker could use this flaw to retrieve the plaintext password sent over the wire even if Kerberos authentication was required (CVE-2016-2124) A flaw was found in the way Samba maps domain users to local users An authenticated attacker could use this flaw to cause possible pri ...
Amazon Linux 2022: ALAS-2022-224
ALAS-2022-224 Amazon Linux 2022 Security Advisory: ALAS-2022-224 Advisory Release Date: 2022-12-06 16:42 Pacific ...

Mailing Lists

Full Disclosure: Fwd: Samba 4.15.2, 4.14.10, 4.13.14 Security Releases are available for Download
<!--X-Body-Begin--> <!--X-User-Header--> oss-sec mailing list archives <!--X-User-Header-End--> <!--X-TopPNI--> By Date By Thread </form> <!--X-TopPNI-End--> <!--X-MsgBody--> <!--X-Subject-Header-Begin--> Fwd: Samba 4152, 41410, 41314 Security Releases are available for Download <!--X-Subject-Header-End--> <!--X-Head-of-Mes ...

References

CWE-416https://bugzilla.redhat.com/show_bug.cgi?id=2021726https://www.samba.org/samba/security/CVE-2021-3738.htmlhttps://bugzilla.samba.org/show_bug.cgi?id=14468https://security.gentoo.org/glsa/202309-06https://nvd.nist.govhttps://www.debian.org/security/2021/dsa-5003
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-38002CVE-2006-4304CVE-2024-4336CVE-2024-33437CVE-2024-4340CVE-2024-27956privilegeinsecure direct object referenceXSSitem search icon">CVE-2024-25938
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook