ALAS2-2021-1649 --- sambaID: oval:org.secpod.oval:def:1700654 | Date: (C)2021-06-29 (M)2024-04-29 |
Class: PATCH | Family: unix |
A flaw was found in the way Samba handled file and directory permissions. This flaw allows an authenticated user to gain access to certain file and directory information, which otherwise would be unavailable. The highest threat from this vulnerability is to confidentiality. A null pointer dereference flaw was found in Samba"s winbind service. This flaw allows a local user to crash the winbind service, causing a denial of service. The highest threat from this vulnerability is to system availability. A flaw was found in the Microsoft Windows Netlogon Remote Protocol , where it reuses a known, static, zero-value initialization vector in AES-CFB8 mode. This flaw allows an unauthenticated attacker to impersonate a domain-joined computer, including a domain controller, and possibly obtain domain administratorprivileges. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability