All versions of Samba prior to 4.13.16 are vulnerable to a malicious client using an SMB1 or NFS race to allow a directory to be created in an area of the server file system not exported under the share definition. Note that SMB1 has to be enabled, or the share also available via NFS in order for this attack to succeed.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2022-01-11T15:15:01

Updated: 2024-08-04T04:03:08.360Z

Reserved: 2021-11-09T00:00:00

Link: CVE-2021-43566

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2022-01-11T16:15:07.813

Modified: 2024-11-21T06:29:27.177

Link: CVE-2021-43566

cve-icon Redhat

Severity : Low

Publid Date: 2022-01-10T00:00:00Z

Links: CVE-2021-43566 - Bugzilla