VDB

GCVE-110-MAGEIA-2021-287

GCVE-110-MAGEIA-2021-287
Advisory Published
Vulnetix · Advisory published June 25, 2021
A flaw was found in samba. Spaces used in a string around a domain name (DN), while supposed to be ignored, can cause invalid DN strings with spaces to instead write a zero-byte into out-of-bounds memory, resulting in a crash. The highest threat from this vulnerability is to system availability (CVE-2020-27840). A flaw was found in samba. The Samba smbd file server must map Windows group identities (SIDs) into unix group ids (gids). The code that performs this had a flaw that could allow it to read data beyond the end of the array in the case where a negative cache entry had been added to the mapping cache. This could cause the calling code to return those values into the process token that stores the group membership for a user. The highest threat from this vulnerability is to data confidentiality and integrity (CVE-2021-20254). A flaw was found in Samba's libldb. Multiple, consecutive leading spaces in an LDAP attribute can lead to an out-of-bounds memory write, leading to a crash of the LDAP server process handling the request. The highest threat from this vulnerability is to system availability (CVE-2021-20277). Also, the samba package for Mageia 7 fixes a scriplet issue when updating. Additionally, the sssd package has been rebuilt for the updated ldb package.

Affected Products

VendorProductVersionsPlatforms
Mageiasssd0 (affected), 2.4.0-1.1.mga8 (unaffected)
Mageialdb0 (affected), 2.1.5-1.mga8 (unaffected)
Mageiasamba4.12.15-1.mga8 (unaffected), 0 (affected)
Mageiasssd0 (affected), 1.16.3-3.3.mga7 (unaffected)
Mageialdb0 (affected), 1.5.8-1.1.mga7 (unaffected)
Mageiasamba0 (affected), 4.10.18-1.3.mga7 (unaffected)

Browse GCVE Records

73,685 records in the GCVE database · Updated July 18, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›