Samba Vulnerability Response (Feb 22, 2022)

Summary

A set of vulnerabilities have been reported in Samba (CESA-2021:5082). Customers using only v4.3.1 of HYCU for Enterprise Clouds are strongly recommended to take the actions listed below as a safety precaution.

Date of Publication

Feb 22nd, 2022

Description

The set of vulnerabilities reported in Samba (CESA-2021:5082) include the following:

  • CVE-2016-2124: SMB1 client connections can be downgraded to plaintext authentication
  • CVE-2020-25717: Active Directory (AD) domain user could become root on domain members
  • CVE-2021-23192: Subsequent DCE/RPC fragment injection vulnerability

Impact

  • Since SMB1 is not used in HYCU, vulnerability CVE-2016-2124 does not impact users
  • Since HYCU is not in a domain controller, vulnerability CVE-2020-25717 does not apply or impact users
  • Vulnerability CVE-2021-23192 could potentially apply to HYCU v4.3.1. Please follow the mitigation outlined below

Mitigation

If running, HYCU for Enterprise Cloud v4.3.1, please login to the HYCU console and execute the following commands:

            echo dcesrv:max auth states=0 | sudo tee -a /etc/samba/smb.conf
            sudo systemctl restart smb

This will eliminate any exposure to vulnerability CVE-2021-23192.

References

RedHat security advisory: https://access.redhat.com/errata/RHSA-2021:5082

Was this article helpful?
0 out of 0 found this helpful

Comments

0 comments

Please sign in to leave a comment.

Articles in this section