CVE-2021-20251 — Race Condition in Samba

CWE-362 — Race Condition10 documents7 sources

Severity

5.9MEDIUMNVD

EPSS

0.2%

top 55.18%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Samba Debian Samba Fedoraproject Fedora +3 more

Timeline

PublishedMar 6

Latest updateMar 14

Description

A flaw was found in samba. A race condition in the password lockout code may lead to the risk of brute force attacks being successful if special conditions are met.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:NExploitability: 2.2 | Impact: 3.6

Affected Packages8 packages

▶NVDsamba/samba4.1.0 — 4.16.8+1

▶debiandebian/samba< samba 2:4.17.2+dfsg-3 (bookworm)

▶Debiansamba/samba< 2:4.17.2+dfsg-3+2

▶Ubuntusamba/samba< 2:4.13.17~dfsg-0ubuntu1.20.04.5+2

▶CVEListV5samba/sambaSamba 4.1 and newer

Also affects: Fedora 37

🔴Vulnerability Details

GHSA

GHSA-9ppx-3j9g-766w: A flaw was found in samba↗2023-03-07

▶

OSV

CVE-2021-20251: A flaw was found in samba↗2023-03-06

▶

OSV

samba regression↗2023-01-26

▶

OSV

samba vulnerabilities↗2023-01-24

▶

📋Vendor Advisories

Microsoft

A flaw was found in samba. A race condition in the password lockout code may lead to the risk of brute force attacks being successful if special conditions are met.↗2023-03-14

▶

Ubuntu

Samba regression↗2023-01-26

▶

Ubuntu

Samba vulnerabilities↗2023-01-24

▶

Red Hat

samba: Race condition in the bad password lockout code↗2021-02-05

▶

Debian

CVE-2021-20251: samba - A flaw was found in samba. A race condition in the password lockout code may lea...↗2021

▶