All versions of Samba prior to 4.15.5 are vulnerable to a malicious client using a server symlink to determine if a file or directory exists in an area of the server file system not exported under the share definition. SMB1 with unix extensions has to be enabled in order for this attack to succeed.
References
Link | Resource |
---|---|
https://security.gentoo.org/glsa/202309-06 | |
https://www.samba.org/samba/security/CVE-2021-44141.html | Mitigation Vendor Advisory |
History
23 Feb 2022, 15:17
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-59 | |
CVSS | v2 : v3 : | v2 : 3.5 v3 : 4.3 |
References | (MISC) https://www.samba.org/samba/security/CVE-2021-44141.html - Mitigation, Vendor Advisory | |
CPE | cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:* cpe:2.3:a:redhat:storage:3.0:*:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:* |
21 Feb 2022, 18:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-02-21 18:15
Updated : 2024-02-04 22:29
NVD link : CVE-2021-44141
Mitre link : CVE-2021-44141
CVE.ORG link : CVE-2021-44141
Products Affected
samba
- samba
redhat
- storage
fedoraproject
- fedora