CVE-2021-23192 log

Source	CVE Red Hat MITRE NVD Debian Ubuntu SUSE Alpine Mageia CVE Details CIRCL Bugs Arch Linux Red Hat Gentoo SUSE GitHub Lists oss-security full-disclosure bugtraq Misc GitHub code web search
Severity	Medium
Remote	Yes
Type	Insufficient validation
Description	A security issue has been found in Samba versions 4.10.0 to 4.15.1. If a client to a Samba server sent a very large DCE/RPC request, and chose to fragment it, an attacker could replace later fragments with their own data, bypassing the signature requirements.

Group	Package	Affected	Fixed	Severity	Status	Ticket
AVG-2538	samba	4.15.1-1	4.15.2-1	Medium	Fixed

References
https://www.samba.org/samba/security/CVE-2021-23192.html https://www.samba.org/samba/ftp/patches/security/samba-4.15.1-security-2021-11-09.patch

Notes
Workaround ========== Setting "dcesrv:max auth states=0" in the smb.conf will provide some mitigation against this issue. There are no known problems with this change as NT4 classic domain controller, domain member or standalone server. But it disables "Security Context Multiplexing" and may reopen https://bugzilla.samba.org/show_bug.cgi?id=11892. which means domain members running things like Cisco ISE or VMWare View may no longer work. This applies only to active directory domain controllers.

Notes

Workaround
==========

Setting "dcesrv:max auth states=0" in the smb.conf will provide some mitigation against this issue.

There are no known problems with this change as NT4 classic domain controller, domain member or standalone server.

But it disables "Security Context Multiplexing" and may reopen https://bugzilla.samba.org/show_bug.cgi?id=11892. which means domain members running things like Cisco ISE or VMWare View may no longer work. This applies only to active directory domain controllers.