Vulnerability Description
All versions of Samba prior to 4.15.5 are vulnerable to a malicious client using a server symlink to determine if a file or directory exists in an area of the server file system not exported under the share definition. SMB1 with unix extensions has to be enabled in order for this attack to succeed.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Samba | Samba | < 4.15.5 |
| Redhat | Storage | 3.0 |
| Fedoraproject | Fedora | 34 |
Related Weaknesses (CWE)
References
- https://security.gentoo.org/glsa/202309-06
- https://www.samba.org/samba/security/CVE-2021-44141.htmlMitigationVendor Advisory
- https://security.gentoo.org/glsa/202309-06
- https://www.samba.org/samba/security/CVE-2021-44141.htmlMitigationVendor Advisory
FAQ
What is CVE-2021-44141?
CVE-2021-44141 is a vulnerability with a CVSS score of 4.3 (MEDIUM). All versions of Samba prior to 4.15.5 are vulnerable to a malicious client using a server symlink to determine if a file or directory exists in an area of the server file system not exported under the...
How severe is CVE-2021-44141?
CVE-2021-44141 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-44141?
Check the references section above for vendor advisories and patch information. Affected products include: Samba Samba, Redhat Storage, Fedoraproject Fedora.