CVE-2021-23192 | Ubuntu
A flaw was found in the way Samba implemented DCE/RPC. If a client to a Samba server sent a very large DCE/RPC request, and chose to fragment it, an attacker could replace later fragments with their own data, bypassing the signature requirements.
Published: 9 November 2021
Subsequent DCE/RPC fragment injection vulnerability. If a client to a Samba server sent a very large DCE/RPC request, and chose to fragment it, an attacker could replace later fragments with their own data, bypassing the signature requirements.
Status
Package: samba (Launchpad, Ubuntu, Debian)
Release     Status
bionic      Not vulnerable (2:4.7.6+dfsg~ubuntu-0ubuntu2.24)
focal       Released (2:4.13.14+dfsg-0ubuntu0.20.04.1)
hirsute     Released (2:4.13.14+dfsg-0ubuntu0.21.04.1)
impish      Released (2:4.13.14+dfsg-0ubuntu0.21.10.1)
trusty      Not vulnerable
upstream    Released (4.13.14)
xenial      Not vulnerable