Synology-SA-21:17 Samba
Publish Time: 2021-05-03 10:54:54 UTC+8
Last Updated: 2022-08-29 14:08:36 UTC+8
- Severity
- Moderate
- Status
- Accepted
Abstract
A vulnerability allows remote authenticated users to bypass security constraint via a susceptible version of DiskStation Manager (DSM) or Synology Router Manager (SRM).
Affected Products
| Product | Severity | Fixed Release Availability |
|---|---|---|
| DSM 6.2 | Moderate | Pending |
| SRM 1.2 | Moderate | Pending |
| VS Firmware 2.3 | Not affected | N/A |
| SMB Service for DSM 7.0 | Moderate | Upgrade to 4.10.18-0417 or above. |
Mitigation
None
Detail
- CVE-2021-20254
- Severity: Moderate
- CVSS3 Base Score: 6.8
- CVSS3 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
- A flaw was found in samba. The Samba smbd file server must map Windows group identities (SIDs) into unix group ids (gids). The code that performs this had a flaw that could allow it to read data beyond the end of the array in the case where a negative cache entry had been added to the mapping cache. This could cause the calling code to return those values into the process token that stores the group membership for a user. The highest threat from this vulnerability is to data confidentiality and integrity.
Reference
Revision
| Revision | Date | Description |
|---|---|---|
| 1 | 2021-05-03 | Initial public release. |
| 2 | 2022-02-17 | Added SMB Service for DSM 7.0 to Affected Products. |