CVE-2021-43566: Race Condition in Samba

CWE-362: Race Condition | 8 documents | 7 sources
Severity: 2.5 LOW (NVD)
EPSS: 0.4% (top 41.74%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Jan 11
Latest update: Feb 1

Description

All versions of Samba prior to 4.13.16 are vulnerable to a malicious client using an SMB1 or NFS race to allow a directory to be created in an area of the server file system not exported under the share definition. Note that SMB1 has to be enabled, or the share also has to be available via NFS, in order for this attack to succeed.

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N
Exploitability: 1.0 | Impact: 1.4

Affected Packages (7 packages)

Source | Package | Affected versions
NVD | samba/samba | < 4.13.16
debian | debian/samba | < samba 2:4.16.0+dfsg-2 (bookworm)
Debian | samba/samba | < 2:4.13.13+dfsg-1~deb11u4+3
Ubuntu | samba/samba | < 2:4.13.17~dfsg-0ubuntu0.21.04.1

Vulnerability Details (3)

OSV: samba vulnerabilities (2022-02-01)
GHSA: GHSA-rcx2-p86p-53w9: All versions of Samba prior to 4 (2022-01-12)
OSV: CVE-2021-43566: All versions of Samba prior to 4 (2022-01-11)

Vendor Advisories (4)

Ubuntu: Samba vulnerabilities (2022-02-01)
Microsoft: All versions of Samba prior to 4.13.16 are vulnerable to a malicious client using an SMB1 or NFS race to allow a directory to be created in an area of the server file system not exported under the sha (2022-01-11)
Red Hat: samba: Symlink race error can allow directory creation outside of the exported share (2022-01-10)
Debian: CVE-2021-43566: samba - All versions of Samba prior to 4.13.16 are vulnerable to a malicious client usin... (2021)