Samba Vulnerability Response (Feb 22, 2022)

Summary

A set of vulnerabilities has been reported in Samba (CESA-2021:5082). Customers using only v4.3.1 of HYCU for Enterprise Clouds are strongly advised to take the actions listed below as a safety precaution.

Date of Publication

Feb 22nd, 2022

Description

The set of vulnerabilities reported in Samba (CESA-2021:5082) includes the following:

  • CVE-2016-2124: SMB1 client connections can be downgraded to plaintext authentication
  • CVE-2020-25717: Active Directory (AD) domain user could become root on domain members
  • CVE-2021-23192: Subsequent DCE/RPC fragment injection vulnerability

Impact

  • Since SMB1 is not used in HYCU, vulnerability CVE-2016-2124 does not impact users
  • Since HYCU is not in a domain controller, vulnerability CVE-2020-25717 does not apply or impact users
  • Vulnerability CVE-2021-23192 could potentially apply to HYCU v4.3.1. Please follow the mitigation outlined below

Mitigation

If you are running HYCU for Enterprise Clouds v4.3.1, log in to the HYCU console and execute the following commands:

            echo 'dcesrv:max auth states=0' | sudo tee -a /etc/samba/smb.conf
            sudo systemctl restart smb

This will eliminate any exposure to vulnerability CVE-2021-23192.
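
To confirm where the appended line landed, the following added example (not part of the original advisory, and not HYCU or Samba code) reports which smb.conf section contains `dcesrv:max auth states`. It assumes the option is read from [global] and that lines before any section header count as global; the function names and the sample configuration are constructed for illustration.

```shell
#!/bin/sh
# Added example (not HYCU's or Samba's code): show which smb.conf section
# holds 'dcesrv:max auth states'. A line appended to the end of the file
# belongs to the last section, which may not be [global].

# Print "section<TAB>value" for every occurrence of the parameter in file $1.
find_dcesrv_setting() {
    awk '
        BEGIN { section = "global" }   # assumption: lines before any header are global
        /^[ \t]*[#;]/ { next }         # skip comment lines
        /^[ \t]*\[.*\]/ {              # section header such as [global] or [share]
            s = $0
            sub(/^[ \t]*\[/, "", s); sub(/\].*$/, "", s)
            section = tolower(s); next
        }
        {
            eq = index($0, "=")
            if (eq == 0) next
            key = tolower(substr($0, 1, eq - 1)); val = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", key); gsub(/[ \t]+/, " ", key)
            gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (key == "dcesrv:max auth states") printf "%s\t%s\n", section, val
        }
    ' "$1"
}

# Succeed only if the last [global] occurrence in file $1 sets the value to 0.
mitigation_in_global() {
    last=$(find_dcesrv_setting "$1" |
        awk -F'\t' '$1 == "global" { v = $2 } END { print v }')
    [ "$last" = "0" ]
}

# Constructed sample: a config whose last section is a share, after the append.
constructed_sample() {
    printf '%s\n' '[global]' '   workgroup = EXAMPLE' \
        '[share1]' '   path = /srv/share1' 'dcesrv:max auth states=0'
}

# When run with a file argument, report on that file.
if [ -n "${1:-}" ]; then
    find_dcesrv_setting "$1"
    mitigation_in_global "$1" && echo "OK: set to 0 in [global]" ||
        echo "Not set to 0 in [global]: move the line under [global]"
fi
```

Run it as `sh check.sh /etc/samba/smb.conf` after applying the mitigation; if the reported section is not `global`, move the line under `[global]` and restart smb again.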

References

Red Hat security advisory: https://access.redhat.com/errata/RHSA-2021:5082
