CVE-2021-20316

A flaw was found in the way Samba handled file/directory metadata. This flaw allows an authenticated attacker with permissions to read or modify share metadata, to perform this operation outside of the share.

CVSS v3 6.8 MEDIUM

6.8^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.6 / Impact : 5.2

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://access.redhat.com/security/cve/CVE-2021-20316	Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2009673	Issue Tracking Third Party Advisory
https://bugzilla.samba.org/show_bug.cgi?id=14842	Issue Tracking Vendor Advisory
https://security-tracker.debian.org/tracker/CVE-2021-20316	Mitigation Third Party Advisory
https://security.gentoo.org/glsa/202309-06
https://www.samba.org/samba/security/CVE-2021-20316.html	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR	cpe:2.3:o:debian:debian_linux:10.0:::::::*
	cpe:2.3:o:debian:debian_linux:11.0:::::::*

Configuration 3 (hide)

OR	cpe:2.3:a:redhat:virtualization_host:4.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux:8.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_aus:8.6:::::::*
	cpe:2.3:o:redhat:enterprise_linux_eus:8.6:::::::*
	cpe:2.3:o:redhat:enterprise_linux_tus:8.6:::::::*

History

17 Sep 2023, 09:15

Type	Values Removed	Values Added
References		(GENTOO) https://security.gentoo.org/glsa/202309-06 -

26 Aug 2022, 18:05

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 6.8
CWE		CWE-362
First Time		Redhat enterprise Linux Eus Redhat Redhat virtualization Host Debian Samba Redhat enterprise Linux Samba samba Debian debian Linux Redhat enterprise Linux Aus Redhat enterprise Linux Tus
CPE		cpe:2.3:o:redhat:enterprise_linux_tus:8.6:::::::* cpe:2.3:o:redhat:enterprise_linux_aus:8.6:::::::* cpe:2.3:a:samba:samba:::::::: cpe:2.3:o:debian:debian_linux:10.0:::::::* cpe:2.3:o:redhat:enterprise_linux_eus:8.6:::::::* cpe:2.3:a:redhat:virtualization_host:4.0:::::::* cpe:2.3:o:redhat:enterprise_linux:8.0:::::::* cpe:2.3:o:debian:debian_linux:11.0:::::::*
References	~~(MISC) https://access.redhat.com/security/cve/CVE-2021-20316 -~~	(MISC) https://access.redhat.com/security/cve/CVE-2021-20316 - Third Party Advisory
References	~~(MISC) https://www.samba.org/samba/security/CVE-2021-20316.html -~~	(MISC) https://www.samba.org/samba/security/CVE-2021-20316.html - Vendor Advisory
References	~~(MISC) https://security-tracker.debian.org/tracker/CVE-2021-20316 -~~	(MISC) https://security-tracker.debian.org/tracker/CVE-2021-20316 - Mitigation, Third Party Advisory
References	~~(MISC) https://bugzilla.samba.org/show_bug.cgi?id=14842 -~~	(MISC) https://bugzilla.samba.org/show_bug.cgi?id=14842 - Issue Tracking, Vendor Advisory
References	~~(MISC) https://bugzilla.redhat.com/show_bug.cgi?id=2009673 -~~	(MISC) https://bugzilla.redhat.com/show_bug.cgi?id=2009673 - Issue Tracking, Third Party Advisory

23 Aug 2022, 17:04

Type	Values Removed	Values Added
New CVE

Information

Published : 2022-08-23 16:15

Updated : 2023-12-10 14:35

NVD link : CVE-2021-20316

Mitre link : CVE-2021-20316

CVE.ORG link : CVE-2021-20316

JSON object : View

Products Affected

redhat

enterprise_linux_aus
virtualization_host
enterprise_linux
enterprise_linux_eus
enterprise_linux_tus

samba

samba

debian

debian_linux

CWE

CWE-362

Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

6.8 /10