PT-2019-6227 · Samba+5

Michael Hanselmann · Published 2019-05-30 · Updated 2022-10-14 · CVE-2021-43566

CVSS v3.1: 2.5 (Low)

Vector: AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N

Name of the Vulnerable Software and Affected Versions

Samba versions prior to 4.13.16

Description

The issue allows a malicious client to use an SMB1 or NFS race to create a directory in an area of the server file system that is not exported under the share definition. This can happen if SMB1 is enabled or the share is also available via NFS. The vulnerability is related to the UNIX extensions of SMB1 and to NFS in the Samba package, and is caused by incorrect synchronization during concurrent execution.

Recommendations

For versions prior to 4.13.16, update to version 4.13.16 or later to resolve the issue. As a temporary workaround, consider disabling SMB1 or restricting access to NFS shares to minimize the risk of exploitation. Avoid using SMB1 or NFS for sensitive data until the issue is resolved.

Exploit

Fix

DoS

Race Condition


Weakness Enumeration

Related identifiers

ALT-PU-2021-1568
ALT-PU-2021-2045
ALT-PU-2021-2081
AZL-37006
AZL-7489
BDU:2022-05713
CVE-2021-43566
ECHO-D69C-9803-2415
OESA-2022-1507
OPENSUSE-SU-2022:0283-1
OPENSUSE-SU-2022_0283-1
SUSE-SU-2022:0283-1
SUSE-SU-2022:0323-1
USN-5260-1

Affected products

Alt Linux
Astra Linux
Linux Mint
Samba
SUSE
Ubuntu