CVE-2021-20316

Published: 31 December 2021

A symlink race error can allow metadata to be read and modified outside of the exported share.

Mitigation

This issue can be mitigated by disabling SMB1, which is the default
configuration in Samba 4.11 and above. In environments where SMB1 cannot
be disabled, symlink support can be disabled with unix extensions = no.
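
A check for the two mitigations above, written as an added example (not code from Samba or from this tracker). It reads only the [global] section of smb.conf text; the function names, result strings and sample configurations are constructed for illustration, and the default protocol level assumes Samba 4.11 or later.

```python
# Added example: audit smb.conf text for the two mitigations described above.
# Simplifications (assumptions): "include" directives and backslash line
# continuations are not followed; only the [global] section is read.

SMB1_LEVELS = {"CORE", "COREPLUS", "LANMAN1", "LANMAN2", "NT1"}  # SMB1-era dialects
FALSE_WORDS = {"no", "false", "off", "0"}
SYNONYMS = {"minprotocol": "serverminprotocol"}  # "min protocol" is a synonym

def global_params(conf_text):
    """Return {normalised name: value} for [global]; a later setting wins."""
    params, section = {}, None
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if section != "global" or "=" not in line:
            continue
        name, value = line.split("=", 1)
        # Samba ignores case and whitespace in parameter names.
        key = "".join(name.split()).lower()
        params[SYNONYMS.get(key, key)] = value.strip()
    return params

def assess(conf_text, default_min="SMB2_02"):
    """default_min assumes Samba 4.11+, where SMB1 is off unless configured."""
    p = global_params(conf_text)
    if p.get("serverminprotocol", default_min).upper() not in SMB1_LEVELS:
        return "mitigated: SMB1 disabled"
    # Fail closed: anything other than an explicit "no" counts as enabled.
    if p.get("unixextensions", "yes").lower() in FALSE_WORDS:
        return "mitigated: SMB1 enabled, unix extensions off"
    return "unmitigated: SMB1 enabled with unix extensions"

# Constructed sample configurations, not taken from any real host.
LEGACY = "[global]\n  server min protocol = NT1\n[share]\n  path = /srv/share\n"
LEGACY_NO_UNIX = "[global]\n  Min Protocol = nt1\n  Unix Extensions = No\n"
DEFAULT = "# comment\n[global]\n  workgroup = EXAMPLE\n"

if __name__ == "__main__":
    for name, conf in (("legacy", LEGACY), ("legacy-no-unix", LEGACY_NO_UNIX),
                       ("default", DEFAULT)):
        print(name, "->", assess(conf))
```

Running it over the output of `testparm -s` instead of the raw file covers settings pulled in through includes.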

Priority

Medium

Status

Package: samba (Launchpad, Ubuntu, Debian)

Release    Status
bionic     Ignored
focal      Ignored
hirsute    Ignored
impish     Ignored
jammy      Ignored
trusty     Needs triage
upstream   Released (4.15.0)
xenial     Needs triage

Notes

Author: mdeslaur
Note: per upstream, fixing this required a whole rewrite of the VFS
layer and there is no reasonable way to fix this in older
versions. Marking this CVE as ignored for older releases.
