[Git][security-tracker-team/security-tracker][master] Add CVEs from samba release on 9th november 2021

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue Nov 9 18:33:15 GMT 2021 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
49946675 by Salvatore Bonaccorso at 2021-11-09T19:32:41+01:00
Add CVEs from samba release on 9th november 2021

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -2801,8 +2801,12 @@ CVE-2021-42745
 	RESERVED
 CVE-2021-3895
 	RESERVED
-CVE-2021-23192
-	RESERVED
+CVE-2021-23192 [dcerpc requests don't check all fragments against the first auth_state]
+	- samba <unfixed>
+	[buster] - samba <not-affected> (Vulnerable code introduced later)
+	[stretch] - samba <not-affected> (Vulnerable code introduced later)
+	NOTE: https://bugzilla.samba.org/show_bug.cgi?id=14875
+	NOTE: https://www.samba.org/samba/security/CVE-2021-23192.html
 CVE-2020-36502 (Swift File Transfer Mobile v1.1.2 was discovered to contain a cross-si ...)
 	NOT-FOR-US: Swift File Transfer Mobile
 CVE-2020-36501 (Multiple cross-site scripting (XSS) vulnerabilities in the Support mod ...)
@@ -10112,8 +10116,10 @@ CVE-2021-40147 (EmTec ZOC before 8.02.2 allows \e[201~ pastes, a different vulne
 	NOT-FOR-US: EmTec ZOC
 CVE-2021-40146 (A Remote Code Execution (RCE) vulnerability was discovered in the Any2 ...)
 	NOT-FOR-US: Apache Any23
-CVE-2021-3738
-	RESERVED
+CVE-2021-3738 [crash in dsdb stack]
+	- samba <unfixed>
+	NOTE: https://bugzilla.samba.org/show_bug.cgi?id=14468
+	NOTE: https://www.samba.org/samba/security/CVE-2021-3738.html
 CVE-2021-3737 [client can enter an infinite loop on a 100 Continue response from the server]
 	RESERVED
 	{DLA-2808-1}
@@ -76881,18 +76887,35 @@ CVE-2020-25723 (A reachable assertion issue was found in the USB EHCI emulation
 	- qemu 1:5.2+dfsg-1 (bug #975276)
 	[buster] - qemu <postponed> (Fix along in future DSA)
 	NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=2fdb42d840400d58f2e706ecca82c142b97bcbd6 (v5.2.0-rc0)
-CVE-2020-25722
-	RESERVED
-CVE-2020-25721
-	RESERVED
+CVE-2020-25722 [AD DC UPN vs samAccountName not checked]
+	- samba <unfixed>
+	NOTE: https://bugzilla.samba.org/show_bug.cgi?id=14564
+	NOTE: https://bugzilla.samba.org/show_bug.cgi?id=14725
+	NOTE: https://www.samba.org/samba/security/CVE-2020-25722.html
+CVE-2020-25721 [[Kerberos acceptors need easy access to stable AD identifiers (eg objectSid)]
+	- samba <unfixed>
+	NOTE: https://bugzilla.samba.org/show_bug.cgi?id=14725
+	NOTE: https://bugzilla.samba.org/show_bug.cgi?id=14557
+	NOTE: https://www.samba.org/samba/security/CVE-2020-25721.html
 CVE-2020-25720
 	RESERVED
-CVE-2020-25719
-	RESERVED
-CVE-2020-25718
-	RESERVED
-CVE-2020-25717
-	RESERVED
+CVE-2020-25719 [AD DC Username based races when no PAC is given]
+	- samba <unfixed>
+	NOTE: https://bugzilla.samba.org/show_bug.cgi?id=14561
+	NOTE: https://bugzilla.samba.org/show_bug.cgi?id=14725
+	NOTE: https://www.samba.org/samba/security/CVE-2020-25719.html
+CVE-2020-25718 [An RODC can issue (forge) administrator tickets to other servers]
+	- samba <unfixed>
+	NOTE: https://bugzilla.samba.org/show_bug.cgi?id=14558
+	NOTE: https://bugzilla.samba.org/show_bug.cgi?id=14725
+	NOTE: https://www.samba.org/samba/security/CVE-2020-25718.html
+CVE-2020-25717 [A user on the domain can become root on domain members]
+	- samba <unfixed>
+	NOTE: https://bugzilla.samba.org/show_bug.cgi?id=14556
+	NOTE: https://bugzilla.samba.org/show_bug.cgi?id=14725
+	NOTE: https://www.samba.org/samba/security/CVE-2020-25717.html
+	NOTE: A new parameter "min domain uid" (defaults to 1000) has been added,
+	NOTE: which enforces that no UNIX uid below this value will be accepted.
 CVE-2020-25716 (A flaw was found in Cloudforms. A role-based privileges escalation fla ...)
 	NOT-FOR-US: Red Hat CloudForm
 CVE-2020-25715 (A flaw was found in pki-core 10.9.0. A specially crafted POST request  ...)
@@ -328154,8 +328177,10 @@ CVE-2016-2125 (It was found that Samba before versions 4.5.3, 4.4.8, 4.3.13 alwa
 	- samba 2:4.5.2+dfsg-2
 	NOTE: https://www.samba.org/samba/security/CVE-2016-2125.html
 	NOTE: Patch (with some more) here: https://download.samba.org/pub/samba/patches/security/samba-4.3.12-security-20016-12-19.patch
-CVE-2016-2124
-	RESERVED
+CVE-2016-2124 [SMB1 client connections can be downgraded to plaintext authentication]
+	- samba <unfixed>
+	NOTE: https://bugzilla.samba.org/show_bug.cgi?id=12444
+	NOTE: https://www.samba.org/samba/security/CVE-2016-2124.html
 CVE-2016-2123 (A flaw was found in samba versions 4.0.0 to 4.5.2. The Samba routine n ...)
 	{DSA-3740-1}
 	- samba 2:4.5.2+dfsg-2



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/499466750ba49c00e814261ae64667ca5b8aaf0b

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/499466750ba49c00e814261ae64667ca5b8aaf0b
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20211109/4e4c5361/attachment.htm>

More information about the debian-security-tracker-commits mailing list