CVE-2021-20316

CWE-362 — Race Condition7 documents7 sources

Severity

6.8MEDIUM

EPSS

0.7%

top 27.71%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Samba Samba Debian Debian Linux Redhat Enterprise Linux +4 more

Timeline

PublishedAug 23

Latest updateAug 24

Description

A flaw was found in the way Samba handled file/directory metadata. This flaw allows an authenticated attacker with permissions to read or modify share metadata, to perform this operation outside of the share.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:NExploitability: 1.6 | Impact: 5.2

Affected Packages4 packages

▶NVDsamba/samba< 4.15.0

▶Debiansamba< 2:4.16.0+dfsg-2+2

▶CVEListV5sambaAffects samba file server before v4.15.0, Fixed in samba v4.15.0

▶NVDredhat/virtualization_host4.0

Also affects: Debian Linux 10.0, 11.0, Enterprise Linux 8.0, 8.6

🔴Vulnerability Details

GHSA

GHSA-88fw-cm3w-8cq5: A flaw was found in the way Samba handled file/directory metadata↗2022-08-24

▶

OSV

CVE-2021-20316: A flaw was found in the way Samba handled file/directory metadata↗2022-08-23

▶

CVEList

CVE-2021-20316: A flaw was found in the way Samba handled file/directory metadata↗2022-08-23

▶

📋Vendor Advisories

Microsoft

A flaw was found in the way Samba handled file/directory metadata. This flaw allows an authenticated attacker with permissions to read or modify share metadata to perform this operation outside of the↗2022-08-09

▶

Red Hat

samba: Symlink race error can allow metadata read and modify outside of the exported share↗2022-01-10

▶

Debian

CVE-2021-20316: samba - A flaw was found in the way Samba handled file/directory metadata. This flaw all...↗2021

▶