CVE-2020-14318

CWE-266 CWE-269 — Improper Privilege Management13 documents9 sources

Severity

4.3MEDIUM

EPSS

0.2%

top 63.48%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Samba Samba Redhat Enterprise Linux Redhat Storage

Timeline

PublishedDec 3

Latest updateMay 24

Description

A flaw was found in the way samba handled file and directory permissions. An authenticated user could use this flaw to gain access to certain file and directory information which otherwise would be unavailable to the attacker.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages5 packages

▶NVDsamba/samba3.6.0 — 4.11.15+2

▶Debiansamba< 2:4.13.2+dfsg-2+3

▶Ubuntusamba< 2:4.3.11+dfsg-0ubuntu0.16.04.32+3

▶CVEListV5sambasamba 4.11.15, samba 4.12.9, samba 4.13.1

▶NVDredhat/storage3.0

Also affects: Enterprise Linux 7.0, 8.0

Patches

Patch: bugzilla.redhat.com ↗Patch: bugzilla.redhat.com ↗

🔴Vulnerability Details

GHSA

GHSA-9qj5-fxqg-6g9p: A flaw was found in the way samba handled file and directory permissions↗2022-05-24

▶

OSV

samba vulnerabilities↗2021-05-03

▶

CVEList

CVE-2020-14318: A flaw was found in the way samba handled file and directory permissions↗2020-12-03

▶

OSV

CVE-2020-14318: A flaw was found in the way samba handled file and directory permissions↗2020-12-03

▶

OSV

samba vulnerabilities↗2020-11-02

▶

📋Vendor Advisories

Ubuntu

Samba vulnerabilities↗2021-05-03

▶

Microsoft

▶

Ubuntu

Samba vulnerabilities↗2020-11-02

▶

Red Hat

samba: Missing handle permissions check in SMB1/2/3 ChangeNotify↗2020-10-29

▶

Debian

CVE-2020-14318: samba - A flaw was found in the way samba handled file and directory permissions. An aut...↗2020

▶

💬Community

Bugzilla

CVE-2020-14318 samba: Missing handle permissions check in SMB1/2/3 ChangeNotify↗2020-10-29

▶

Bugzilla

CVE-2020-14318 samba: Missing handle permissions check in SMB1/2/3 ChangeNotify [fedora-all]↗2020-10-29

▶