CVE-2021-20208

CVE	CVE-2021-20208
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2021-04-19 22:15:00 UTC
Updated	2023-11-07 03:29:00 UTC
Description	A flaw was found in cifs-utils in versions before 6.13. A user when mounting a krb5 CIFS file system from within a container can use Kerberos credentials of the host. The highest threat from this vulnerability is to data confidentiality and integrity.

Problem Types: CWE-269

Type	Vendor	Product	Version	Update	Edition	Language
Operating System	Fedoraproject	Fedora	33	All	All	All
Operating System	Fedoraproject	Fedora	34	All	All	All
Operating System	Fedoraproject	Fedora	35	All	All	All
Operating System	Redhat	Enterprise Linux	7.0	All	All	All
Operating System	Redhat	Enterprise Linux	8.0	All	All	All
Application	Samba	Cifs-utils	All	All	All	All

Reference	Source	Link	Tags
[SECURITY] Fedora 34 Update: cifs-utils-6.13-3.fc34 - package-announce - Fedora Mailing-Lists	FEDORA	lists.fedoraproject.org
[SECURITY] Fedora 35 Update: cifs-utils-6.13-3.fc35 - package-announce - Fedora Mailing-Lists	FEDORA	lists.fedoraproject.org
14651 – CVE-2021-20208 [SECURITY][EMBARGOED] cifs-utils: cifs.upcall kerberos auth leak in container	MISC	bugzilla.samba.org
[SECURITY] Fedora 35 Update: cifs-utils-6.13-3.fc35 - package-announce - Fedora Mailing-Lists		lists.fedoraproject.org
[SECURITY] Fedora 34 Update: cifs-utils-6.13-3.fc34 - package-announce - Fedora Mailing-Lists		lists.fedoraproject.org
[SECURITY] Fedora 33 Update: cifs-utils-6.13-3.fc33 - package-announce - Fedora Mailing-Lists	FEDORA	lists.fedoraproject.org
[SECURITY] Fedora 33 Update: cifs-utils-6.13-3.fc33 - package-announce - Fedora Mailing-Lists		lists.fedoraproject.org
1921116 – (CVE-2021-20208) CVE-2021-20208 cifs-utils: Container can use kerberos cache from the host via mount.cifs/cifs.upcall	MISC	bugzilla.redhat.com
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

174889 SUSE Enterprise Linux Security Update for cifs-utils (SUSE-SU-2021:1161-1)
174890 SUSE Enterprise Linux Security Update for cifs-utils (SUSE-SU-2021:1159-1)
174970 SUSE Enterprise Linux Security Update for cifs-utils (SUSE-SU-2021:1455-1)
180508 Debian Security Update for cifs-utils (CVE-2021-20208)
198816 Ubuntu Security Notification for cifs-utils Vulnerabilities (USN-5459-1)
281948 Fedora Security Update for cifs (FEDORA-2021-c87ed13391)
281949 Fedora Security Update for cifs (FEDORA-2021-b1bb3d3b20)
500091 Alpine Linux Security Update for cifs-utils
503677 Alpine Linux Security Update for cifs-utils
505858 Alpine Linux Security Update for cifs-utils
670421 EulerOS Security Update for cifs-utils (EulerOS-SA-2021-1978)
670479 EulerOS Security Update for cifs-utils (EulerOS-SA-2021-2237)
670505 EulerOS Security Update for cifs-utils (EulerOS-SA-2021-2263)
670564 EulerOS Security Update for cifs-utils (EulerOS-SA-2021-2323)
670601 EulerOS Security Update for cifs-utils (EulerOS-SA-2021-2359)
670862 EulerOS Security Update for cifs-utils (EulerOS-SA-2021-2575)
750237 OpenSUSE Security Update for cifs-utils (openSUSE-SU-2021:0639-1)
900215 CBL-Mariner Linux Security Update for cifs-utils 6.8
901024 Common Base Linux Mariner (CBL-Mariner) Security Update for cifs-utils (6354-1)
903460 Common Base Linux Mariner (CBL-Mariner) Security Update for cifs-utils (4161)