Main Vulnerability Database Vulnerabilities #VU59345

Link following in Samba - CVE-2021-43566

Published: January 10, 2022

Vulnerability identifier: #VU59345

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:A/AC:L/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2021-43566

CWE-ID: CWE-59

Exploitation vector: Adjecent network

Exploit availability: No public exploit available

Vendor: Samba

Affected software:
Samba

Detailed vulnerability description

The vulnerability allows a remote user to bypass implemented security restrictions.

The vulnerability exists due to a symlink race condition when creating directories. A remote authenticated user can use SMB1 or NFS symlink race to create directories on the Unix filesystem outside of the share definition.

Successful exploitation of the vulnerability requites that the user has permissions to create folder in the target directory.

How to mitigate CVE-2021-43566

Install updates from vendor's website.

Sources

https://www.samba.org/samba/security/CVE-2021-43566.html

Link following in Samba - CVE-2021-43566

Detailed vulnerability description

How to mitigate CVE-2021-43566

Sources

Please verify you're human