PT-2022-1497 · Samba+9

Stefan Behrens · Published 2022-01-31 · Updated 2024-11-15 · CVE-2021-44141

CVSS v2.0: 5.0 (Medium)

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Samba versions prior to 4.15.5

Description

The issue allows a malicious client to use a server symlink to determine if a file or directory exists in an area of the server file system not exported under the share definition. This can be exploited when SMB1 with unix extensions is enabled.

Recommendations

For versions prior to 4.15.5, update to version 4.15.5 or later to resolve the issue. As a temporary workaround, consider disabling SMB1 with unix extensions until a patch is available. Restrict access to sensitive areas of the server file system to minimize the risk of exploitation.

Exploit

Fix

DoS

Information Disclosure

Link Following

Weakness Enumeration

Related Identifiers

ALSA-2022:2074
ALT-PU-2022-2144
ALT-PU-2022-2438
ALT-PU-2024-14683
AZL-37007
AZL-8610
BDU:2022-00685
CESA-2022_2074
CVE-2021-44141
ECHO-BBB6-A533-46A3
MGASA-2022-0054
OESA-2022-1770
OPENSUSE-SU-2022:0283-1
OPENSUSE-SU-2022_0283-1
OPENSUSE-SU-2024:11807-1
RHSA-2022:1756
RHSA-2022:2074
RHSA-2022_2074
RLSA-2022:2074
SUSE-SU-2022:0283-1
SUSE-SU-2022:0323-1

Affected Products

ALT Linux
AlmaLinux
Astra Linux
CentOS
Debian
Red Hat
RED OS
Rocky Linux
Samba
SUSE