Vulnerability CVE-2021-44141


Published: 2022-02-21

Description:
All versions of Samba prior to 4.15.5 are vulnerable to a malicious client using a server symlink to determine if a file or directory exists in an area of the server file system not exported under the share definition. SMB1 with unix extensions has to be enabled in order for this attack to succeed.

Type:
CWE-59 (Improper Link Resolution Before File Access ('Link Following'))

CVSS2 => (AV:N/AC:M/Au:S/C:P/I:N/A:N)

CVSS Base Score: 3.5/10
Impact Subscore: 2.9/10
Exploitability Subscore: 6.8/10

Exploit range: Remote
Attack complexity: Medium
Authentication: Single time

Confidentiality impact: Partial
Integrity impact: None
Availability impact: None

Affected software:
Samba -> Samba
Redhat -> Storage
Fedoraproject -> Fedora

 References:
https://www.samba.org/samba/security/CVE-2021-44141.html

Copyright 2024, cxsecurity.com

 
