Vulnerability CVE-2021-20208: Information
Description
A flaw was found in cifs-utils in versions before 6.13. A user when mounting a krb5 CIFS file system from within a container can use Kerberos credentials of the host. The highest threat from this vulnerability is to data confidentiality and integrity.
Severity: MEDIUM (6.1) Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:H/A:N
Fixed packages
Package name | Branch | Fixed in version | Version from repository | Errata ID | Task # | State |
---|---|---|---|---|---|---|
cifs-utils | sisyphus | 6.13-alt1 | 7.0-alt1 | ALT-PU-2021-2082-1 | 271899 | Fixed |
cifs-utils | p10 | 6.13-alt3 | 6.15-alt1 | ALT-PU-2021-2827-1 | 285065 | Fixed |
cifs-utils | c10f1 | 6.13-alt3 | 6.15-alt1 | ALT-PU-2021-2827-1 | 285065 | Fixed |
cifs-utils | c9f2 | 6.15-alt1 | 6.15-alt1 | ALT-PU-2022-2563-1 | 306007 | Fixed |
References to Advisories, Solutions, and Tools
Hyperlink | Resource |
---|---|
https://bugzilla.samba.org/show_bug.cgi?id=14651 |
|
https://bugzilla.redhat.com/show_bug.cgi?id=1921116 |
|
FEDORA-2021-d54e02d1b2 | |
FEDORA-2021-c87ed13391 | |
FEDORA-2021-b1bb3d3b20 |