VuXML: samba -- Multiple Vulnerabilities

Affected packages

samba413

4.13.17

samba414

4.14.12

samba415

4.15.5

Details

VuXML ID	8579074c-839f-11ec-a3b2-005056a311d1
Discovery	2022-01-31
Entry	2022-02-01

VuXML ID

8579074c-839f-11ec-a3b2-005056a311d1

Discovery

2022-01-31

Entry

2022-02-01

The Samba Team reports:

CVE-2021-43566: Malicious client using an SMB1 or NFS race to allow a directory to be created in an area of the server file system not exported under the share definition.

CVE-2021-44141: Information leak via symlinks of existance of files or directories outside of the exported share.

CVE-2021-44142: Out-of-bounds heap read/write vulnerability in VFS module vfs_fruit allows code execution.

CVE-2022-0336: Samba AD users with permission to write to an account can impersonate arbitrary services.

[source]

CVE Name	CVE-2021-43566
CVE Name	CVE-2021-44141
CVE Name	CVE-2021-44142
CVE Name	CVE-2022-0336
URL	https://www.samba.org/samba/security/CVE-2021-43566.html
URL	https://www.samba.org/samba/security/CVE-2021-44141.html
URL	https://www.samba.org/samba/security/CVE-2021-44142.html
URL	https://www.samba.org/samba/security/CVE-2022-0336.html

samba -- Multiple Vulnerabilities

Details

References