CVE-2021-43566

All versions of Samba prior to 4.13.16 are vulnerable to a malicious client using an SMB1 or NFS race to allow a directory to be created in an area of the server file system not exported under the share definition. Note that SMB1 has to be enabled, or the share also available via NFS in order for this attack to succeed.
Race Condition
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
2.5 LOW
LOCAL
HIGH
LOW
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 39%
VendorProductVersion
sambasamba
𝑥
< 4.13.16
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
samba
bullseye (security)
2:4.13.13+dfsg-1~deb11u6
fixed
bullseye
2:4.13.13+dfsg-1~deb11u6
fixed
buster
ignored
bookworm
2:4.17.12+dfsg-0+deb12u1
fixed
bookworm (security)
2:4.17.12+dfsg-0+deb12u1
fixed
sid
2:4.21.1+dfsg-2
fixed
trixie
2:4.21.1+dfsg-2
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
samba
noble
Fixed 4.13.17~dfsg-0ubuntu1
released
mantic
Fixed 4.13.17~dfsg-0ubuntu1
released
lunar
Fixed 4.13.17~dfsg-0ubuntu1
released
kinetic
Fixed 4.13.17~dfsg-0ubuntu1
released
jammy
Fixed 4.13.17~dfsg-0ubuntu1
released
impish
Fixed 2:4.13.17~dfsg-0ubuntu0.21.10.1
released
hirsute
ignored
focal
Fixed 2:4.13.17~dfsg-0ubuntu0.21.04.1
released
bionic
needed
xenial
needs-triage
trusty
needs-triage
Common Weakness Enumeration
References
https://bugzilla.samba.org/show_bug.cgi?id=13979
https://security.netapp.com/advisory/ntap-20220110-0001/
https://www.samba.org/samba/security/CVE-2021-43566.html
https://bugzilla.samba.org/show_bug.cgi?id=13979
https://security.netapp.com/advisory/ntap-20220110-0001/
https://www.samba.org/samba/security/CVE-2021-43566.html