CVE-2021-43566

EUVD-2021-30489
All versions of Samba prior to 4.13.16 are vulnerable to a malicious client using an SMB1 or NFS race to allow a directory to be created in an area of the server file system not exported under the share definition. Note that SMB1 has to be enabled, or the share also available via NFS in order for this attack to succeed.
Race Condition
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
2.5 LOW
LOCAL
HIGH
LOW
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 57%
Affected Products (NVD)
VendorProductVersion
sambasamba
𝑥
< 4.13.16
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
samba
bookworm
2:4.17.12+dfsg-0+deb12u1
fixed
bookworm (security)
2:4.17.12+dfsg-0+deb12u1
fixed
bullseye
2:4.13.13+dfsg-1~deb11u6
fixed
bullseye (security)
2:4.13.13+dfsg-1~deb11u6
fixed
buster
ignored
sid
2:4.21.1+dfsg-2
fixed
trixie
2:4.21.1+dfsg-2
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
samba
bionic
needed
focal
Fixed 2:4.13.17~dfsg-0ubuntu0.21.04.1
released
hirsute
ignored
impish
Fixed 2:4.13.17~dfsg-0ubuntu0.21.10.1
released
jammy
Fixed 4.13.17~dfsg-0ubuntu1
released
kinetic
Fixed 4.13.17~dfsg-0ubuntu1
released
lunar
Fixed 4.13.17~dfsg-0ubuntu1
released
mantic
Fixed 4.13.17~dfsg-0ubuntu1
released
noble
Fixed 4.13.17~dfsg-0ubuntu1
released
trusty
needs-triage
xenial
needs-triage
Common Weakness Enumeration
References
https://bugzilla.samba.org/show_bug.cgi?id=13979
https://security.netapp.com/advisory/ntap-20220110-0001/
https://www.samba.org/samba/security/CVE-2021-43566.html
https://bugzilla.samba.org/show_bug.cgi?id=13979
https://security.netapp.com/advisory/ntap-20220110-0001/
https://www.samba.org/samba/security/CVE-2021-43566.html