Your submission was sent successfully! Close

CVE-2021-43566

Published: 11 January 2022

All versions of Samba prior to 4.13.16 are vulnerable to a malicious client using an SMB1 or NFS race to allow a directory to be created in an area of the server file system not exported under the share definition. Note that SMB1 has to be enabled, or the share also available via NFS in order for this attack to succeed.

Mitigation

This issue can be mitigated by disabling SMB1, which is the default
configuration in Samba 4.11 and above. In environments where SMB1 cannot
be disabled, symlink support can be disabled with unix extensions = no.
Priority

Low

CVSS 3 base score: 2.5

Status

Package Release Status
samba
Launchpad, Ubuntu, Debian
bionic Needed

focal
Released (2:4.13.17~dfsg-0ubuntu0.21.04.1)
hirsute Ignored
(reached end-of-life)
impish
Released (2:4.13.17~dfsg-0ubuntu0.21.10.1)
jammy
Released (4.13.17~dfsg-0ubuntu1)
trusty Needs triage

upstream
Released (4.13.16)
xenial Needs triage