CVE-2021-20316 — MEDIUM (6.8)

Q: How severe is CVE-2021-20316?

CVE-2021-20316 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2021-20316?

Check the references section above for vendor advisories and patch information. Affected products include: Samba Samba, Debian Debian Linux, Redhat Virtualization Host, Redhat Enterprise Linux, Redhat Enterprise Linux Aus.

Vulnerability Description

A flaw was found in the way Samba handled file/directory metadata. This flaw allows an authenticated attacker with permissions to read or modify share metadata, to perform this operation outside of the share.

CVSS Score

6.8

MEDIUM

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

NONE

Affected Products

Vendor	Product	Versions
Samba	Samba	< 4.15.0
Debian	Debian Linux	10.0
Redhat	Virtualization Host	4.0
Redhat	Enterprise Linux	8.0
Redhat	Enterprise Linux Aus	8.6
Redhat	Enterprise Linux Eus	8.6
Redhat	Enterprise Linux Tus	8.6

Related Weaknesses (CWE)

CWE-362

References

https://access.redhat.com/security/cve/CVE-2021-20316Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2009673Issue TrackingThird Party Advisory
https://bugzilla.samba.org/show_bug.cgi?id=14842Issue TrackingVendor Advisory
https://security-tracker.debian.org/tracker/CVE-2021-20316MitigationThird Party Advisory
https://security.gentoo.org/glsa/202309-06
https://www.samba.org/samba/security/CVE-2021-20316.htmlVendor Advisory
https://access.redhat.com/security/cve/CVE-2021-20316Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2009673Issue TrackingThird Party Advisory
https://bugzilla.samba.org/show_bug.cgi?id=14842Issue TrackingVendor Advisory
https://security-tracker.debian.org/tracker/CVE-2021-20316MitigationThird Party Advisory
https://security.gentoo.org/glsa/202309-06
https://www.samba.org/samba/security/CVE-2021-20316.htmlVendor Advisory

FAQ

What is CVE-2021-20316?

CVE-2021-20316 is a vulnerability with a CVSS score of 6.8 (MEDIUM). A flaw was found in the way Samba handled file/directory metadata. This flaw allows an authenticated attacker with permissions to read or modify share metadata, to perform this operation outside of th...

How severe is CVE-2021-20316?

CVE-2021-20316 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2021-20316?

Check the references section above for vendor advisories and patch information. Affected products include: Samba Samba, Debian Debian Linux, Redhat Virtualization Host, Redhat Enterprise Linux, Redhat Enterprise Linux Aus.