QID 352379
Date Published: 2021-06-24
QID 352379: Amazon Linux Security Advisory for samba: ALAS2-2021-1649
<DIV ID="issue_overview"> a flaw was found in the way samba handled file and directory permissions.
This flaw allows an authenticated user to gain access to certain file and directory information, which otherwise would be unavailable.
The highest threat from this vulnerability is to confidentiality. (
cve-2020-14318 ) a null pointer dereference flaw was found in samba's winbind service.
This flaw allows a local user to crash the winbind service, causing a denial of service.
The highest threat from this vulnerability is to system availability. (
cve-2020-14323 ) a flaw was found in the microsoft windows netlogon remote protocol (ms-nrpc), where it reuses a known, static, zero-value initialization vector (iv) in aes-cfb8 mode.
This flaw allows an unauthenticated attacker to impersonate a domain-joined computer, including a domain controller, and possibly obtain domain administrator privileges.
The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. (
cve-2020-1472 ) </DIV>
Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
Allows unauthorized disclosure of information; allows unauthorized modification; allows disruption of service.
- ALAS2-2021-1649 -
alas.aws.amazon.com/AL2/ALAS-2021-1649.html
CVEs related to QID 352379
| Advisory ID | Software | Component | Link |
|---|---|---|---|
| ALAS2-2021-1649 | Amazon Linux 2 |
alas.aws.amazon.com/AL2/ALAS-2021-1649.html |