Samba
cpe:2.3:a:samba:samba:*:*:*:*:*:*:*
- >= 4.21.0, < 4.21.6
A flaw in Samba's smbd service daemon allows file shares to remain accessible even after group membership changes are made in Active Directory. This issue arises because Samba does not update group membership information when re-authenticating an expired SMB session. As a result, changes made by an administrator may not take effect until the user disconnects and reconnects to the server. This vulnerability affects all versions of Samba starting from 4.21.0.
Exploitation of this vulnerability can lead to unauthorized access to file shares, as group membership changes are not recognized during session re-authentication.
Users can upgrade to Samba version 4.21.6, which addresses this vulnerability. The update is available for download from the Samba download site.
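An added example (not code from the Samba project or from this advisory): a POSIX shell check that classifies `smbd --version` output against the affected range listed above. The function names are hypothetical, and the host names and version lines in the inventory are constructed sample data.

```shell
#!/bin/sh
# Range as listed on this page: >= 4.21.0, < 4.21.6.
# Assumption: the version string reflects upstream numbering. Distribution
# packages may carry backported fixes under an older version string, so an
# "in-range" result means "check the package changelog", not proof of exposure.
RANGE_LOW=4.21.0
RANGE_HIGH=4.21.6

# Turn "X.Y.Z" into one comparable integer (X*1000000 + Y*1000 + Z).
ver_key() {
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( $1 * 1000000 + $2 * 1000 + $3 ))
}

# Classify one line of `smbd --version` output, e.g. "Version 4.21.3-Debian".
# Prints: in-range | out-of-range | unknown (no X.Y.Z triple found).
samba_range_status() {
    ver=$(printf '%s\n' "$1" |
        sed -n 's/^[^0-9]*\([0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\).*$/\1/p')
    [ -n "$ver" ] || { echo unknown; return; }
    key=$(ver_key "$ver")
    if [ "$key" -ge "$(ver_key "$RANGE_LOW")" ] &&
       [ "$key" -lt "$(ver_key "$RANGE_HIGH")" ]; then
        echo in-range
    else
        echo out-of-range
    fi
}

# Read "host version-line" pairs on stdin and print every host that is
# either inside the listed range or could not be classified.
scan_inventory() {
    while read -r host verline; do
        [ -n "$host" ] || continue
        status=$(samba_range_status "$verline")
        [ "$status" = out-of-range ] || echo "$host $status"
    done
}

# Constructed inventory: one line per host, as collected from `smbd --version`.
scan_inventory <<'EOF'
fs01 Version 4.20.5
fs02 Version 4.21.3-Debian
fs03 Version 4.21.6
fs04 smbd not installed
EOF
```

Hosts reported as `unknown` need a manual check, since the script only recognises a numeric `X.Y.Z` triple in the version line.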