Vulnerability CVE-2021-20208: Information

Description

A flaw was found in cifs-utils in versions before 6.13. A user mounting a krb5 CIFS file system from within a container can use the Kerberos credentials of the host. The highest threat from this vulnerability is to data confidentiality and integrity.

Severity: MEDIUM (6.1) Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:H/A:N

Published: April 20, 2021
Modified: Nov. 7, 2023
Error type identifier: CWE-269

Fixed packages

| Package name | Branch | Fixed in version | Version from repository | Errata ID | Task # | State |
|---|---|---|---|---|---|---|
| cifs-utils | sisyphus | 6.13-alt1 | 7.0-alt1 | ALT-PU-2021-2082-1 | 271899 | Fixed |
| cifs-utils | p10 | 6.13-alt3 | 6.15-alt1 | ALT-PU-2021-2827-1 | 285065 | Fixed |
| cifs-utils | c10f1 | 6.13-alt3 | 6.15-alt1 | ALT-PU-2021-2827-1 | 285065 | Fixed |
| cifs-utils | c9f2 | 6.15-alt1 | 6.15-alt1 | ALT-PU-2022-2563-1 | 306007 | Fixed |

References to Advisories, Solutions, and Tools

      Configuration 1

      cpe:2.3:a:samba:cifs-utils:*:*:*:*:*:*:*:*
      Start including: 4.0
      End excluding: 6.13

      Configuration 2

      cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*

      cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*

      Configuration 3

      cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*

      cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*

      cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*