#VU59345 Link following in Samba - CVE-2021-43566

Published: January 10, 2022

Vulnerability identifier: #VU59345
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:A/AC:L/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2021-43566
CWE-ID: CWE-59
Exploitation vector: Adjacent network
Exploit availability: No public exploit available
Vulnerable software:
Samba
Software vendor:
Samba

Description

The vulnerability allows a remote user to bypass implemented security restrictions.

The vulnerability exists due to a symlink race condition when creating directories. A remote authenticated user can use an SMB1 or NFS symlink race to create directories on the Unix filesystem outside of the share definition.

Successful exploitation of the vulnerability requires that the user has permission to create a folder in the target directory.
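As an added illustration of the CWE-59 pattern behind this advisory (not code from the advisory or from Samba), the block below contrasts a path-string mkdir, which follows a symlinked component and so can land outside the share, with a descriptor-relative mkdir that opens each component with O_NOFOLLOW and therefore fails closed if a component is a symlink. The share layout is constructed in a temporary directory and the function names are my own.

```python
import os
import tempfile


def naive_mkdir(share_root: str, rel_path: str) -> str:
    """Path-string mkdir with no symlink protection: any symlinked component
    is followed, so the directory can land outside share_root."""
    target = os.path.join(share_root, rel_path)
    os.makedirs(target, mode=0o750, exist_ok=True)
    return os.path.realpath(target)


def safe_mkdir_under_root(share_root: str, rel_path: str) -> None:
    """Walk rel_path one component at a time with O_NOFOLLOW|O_DIRECTORY
    relative to the previous fd, then mkdir relative to the final fd. A
    component swapped for a symlink, even after an earlier check, makes the
    open fail (OSError) instead of escaping the share."""
    parts = [p for p in rel_path.split("/") if p not in ("", ".")]
    if not parts or ".." in parts:
        raise ValueError("empty path or parent traversal not allowed")
    fd = os.open(share_root, os.O_RDONLY | os.O_DIRECTORY)
    try:
        for comp in parts[:-1]:
            nfd = os.open(comp, os.O_RDONLY | os.O_DIRECTORY | os.O_NOFOLLOW,
                          dir_fd=fd)
            os.close(fd)
            fd = nfd
        os.mkdir(parts[-1], 0o750, dir_fd=fd)  # EEXIST if a symlink sits here
    finally:
        os.close(fd)


def demo() -> dict:
    """Constructed scenario: a share root holding a symlink to a directory
    outside it, and a client request to create 'link/newdir' in the share."""
    base = tempfile.mkdtemp()
    share, outside = os.path.join(base, "share"), os.path.join(base, "outside")
    for d in (share, outside, os.path.join(share, "real")):
        os.mkdir(d)
    os.symlink(outside, os.path.join(share, "link"))
    escaped = naive_mkdir(share, "link/newdir").startswith(os.path.realpath(outside))
    try:
        safe_mkdir_under_root(share, "link/newdir2")
        refused = False
    except OSError:
        refused = True
    safe_mkdir_under_root(share, "real/sub")  # legitimate path still works
    return {"naive_escaped": escaped, "safe_refused": refused,
            "safe_created": os.path.isdir(os.path.join(share, "real", "sub"))}
```

Requires a Unix platform with dir_fd support (Linux, macOS, BSD); calling demo() shows the naive variant escaping the share while the hardened variant refuses the same request.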


Remediation

Install updates from vendor's website.

External links