Synology-SA-21:17 Samba

Publish Time: 2021-05-03 10:54:54 UTC+8

Last Updated: 2022-08-29 14:08:36 UTC+8

Severity
Moderate
Status
Accepted

Abstract

A vulnerability allows remote authenticated users to bypass security constraint via a susceptible version of DiskStation Manager (DSM) or Synology Router Manager (SRM).

Affected Products

Product Severity Fixed Release Availability
DSM 6.2 Moderate Pending
SRM 1.2 Moderate Pending
VS Firmware 2.3 Not affected N/A
SMB Service for DSM 7.0 Moderate Upgrade to 4.10.18-0417 or above.

Mitigation

None

Detail

  • CVE-2021-20254
    • Severity: Moderate
    • CVSS3 Base Score: 6.8
    • CVSS3 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
    • A flaw was found in samba. The Samba smbd file server must map Windows group identities (SIDs) into unix group ids (gids). The code that performs this had a flaw that could allow it to read data beyond the end of the array in the case where a negative cache entry had been added to the mapping cache. This could cause the calling code to return those values into the process token that stores the group membership for a user. The highest threat from this vulnerability is to data confidentiality and integrity.

Reference

Revision

Revision Date Description
1 2021-05-03 Initial public release.
2 2022-02-17 Added SMB Service for DSM 7.0 to Affected Products.