CVE-2021-43566
Public on 2022-01-11
Modified on 2024-01-12
Description
All versions of Samba prior to 4.13.16 are vulnerable to a malicious client using an SMB1 or NFS race to allow a directory to be created in an area of the server file system not exported under the share definition. Note that SMB1 has to be enabled, or the share also available via NFS in order for this attack to succeed.
Severity
Low
CVSS v3 Base Score
See breakdown
Affected Packages
| Platform | Package | Release Date | Advisory | Status |
|---|---|---|---|---|
| Amazon Linux 1 | samba | No Fix Planned | ||
| Amazon Linux 2 - Core | samba | Pending Fix | ||
| Amazon Linux 2023 | samba | 2023-02-17 | ALAS2023-2023-032 | Fixed |
CVSS Scores
| Score Type | Score | Vector | |
|---|---|---|---|
| Amazon Linux | CVSSv3 | 2.6 | CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N |
| NVD | CVSSv2 | 1.2 | AV:L/AC:H/Au:N/C:N/I:P/A:N |
| NVD | CVSSv3 | 2.5 | CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N |