{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2021-44141", "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "dateUpdated": "2024-08-04T04:17:24.346Z", "dateReserved": "2021-11-22T00:00:00", "datePublished": "2022-02-21T00:00:00"}, "containers": {"cna": {"providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2023-09-17T08:06:12.738945"}, "descriptions": [{"lang": "en", "value": "All versions of Samba prior to 4.15.5 are vulnerable to a malicious client using a server symlink to determine if a file or directory exists in an area of the server file system not exported under the share definition. SMB1 with unix extensions has to be enabled in order for this attack to succeed."}], "affected": [{"vendor": "n/a", "product": "Samba", "versions": [{"version": "All versions of Samba prior to 4.15.5", "status": "affected"}]}], "references": [{"url": "https://www.samba.org/samba/security/CVE-2021-44141.html"}, {"name": "GLSA-202309-06", "tags": ["vendor-advisory"], "url": "https://security.gentoo.org/glsa/202309-06"}], "problemTypes": [{"descriptions": [{"type": "CWE", "lang": "en", "description": "CWE-200", "cweId": "CWE-200"}]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T04:17:24.346Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.samba.org/samba/security/CVE-2021-44141.html", "tags": ["x_transferred"]}, {"name": "GLSA-202309-06", "tags": ["vendor-advisory", "x_transferred"], "url": "https://security.gentoo.org/glsa/202309-06"}]}]}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*", "matchCriteriaId": "7E56E41B-B1B7-48E8-ACFE-D40C28FB8FD7", "versionEndExcluding": "4.15.5", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:redhat:storage:3.0:*:*:*:*:*:*:*", "matchCriteriaId": "379A5883-F6DF-41F5-9403-8D17F6605737", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*", "matchCriteriaId": "A930E247-0B43-43CB-98FF-6CE7B8189835", "vulnerable": true}, {"criteria": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*", "matchCriteriaId": "80E516C0-98A4-4ADE-B69F-66A772E2BAAA", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "All versions of Samba prior to 4.15.5 are vulnerable to a malicious client using a server symlink to determine if a file or directory exists in an area of the server file system not exported under the share definition. SMB1 with unix extensions has to be enabled in order for this attack to succeed."}, {"lang": "es", "value": "Todas las versiones de Samba anteriores a 4.15.5, son vulnerables a que un cliente malicioso use un enlace simb\u00f3lico del servidor para determinar si un archivo o directorio se presenta en un \u00e1rea del sistema de archivos del servidor no exportada bajo la definici\u00f3n de recurso compartido. SMB1 con extensiones unix debe estar habilitado para que este ataque tenga \u00e9xito"}], "id": "CVE-2021-44141", "lastModified": "2023-09-17T09:15:10.030", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:S/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-02-21T18:15:08.493", "references": [{"source": "secalert@redhat.com", "url": "https://security.gentoo.org/glsa/202309-06"}, {"source": "secalert@redhat.com", "tags": ["Mitigation", "Vendor Advisory"], "url": "https://www.samba.org/samba/security/CVE-2021-44141.html"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-59"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-200"}], "source": "secalert@redhat.com", "type": "Secondary"}]}

{"acknowledgement": "Red Hat would like to thank Stefan Behrens for reporting this issue. Upstream acknowledges the Samba project as the original reporter.", "affected_release": [{"advisory": "RHSA-2022:2074", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "samba-0:4.15.5-5.el8", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2022-05-10T00:00:00Z"}, {"advisory": "RHSA-2022:2074", "cpe": "cpe:/o:redhat:enterprise_linux:8", "package": "samba-0:4.15.5-5.el8", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2022-05-10T00:00:00Z"}, {"advisory": "RHSA-2022:1756", "cpe": "cpe:/a:redhat:storage:3.5:samba:el8", "package": "samba-0:4.15.5-100.el8rhgs", "product_name": "Red Hat Gluster Storage 3.5 for RHEL 8", "release_date": "2022-05-10T00:00:00Z"}], "bugzilla": {"description": "samba: Information leak via symlinks of existance of files or directories outside of the exported share", "id": "2046120", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2046120"}, "csaw": false, "cvss3": {"cvss3_base_score": "6.5", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "status": "verified"}, "cwe": "CWE-59", "details": ["All versions of Samba prior to 4.15.5 are vulnerable to a malicious client using a server symlink to determine if a file or directory exists in an area of the server file system not exported under the share definition. SMB1 with unix extensions has to be enabled in order for this attack to succeed.", "A vulnerability was found in Samba due to an insecure link following. By querying a symlink inside the exported share using SMB1 with unix extensions turned on, an attacker can discover if a named or directory exists on the filesystem outside the exported share. This flaw allows a remote authenticated attacker to obtain sensitive information."], "mitigation": {"lang": "en:us", "value": "Do not enable SMB1 (please note SMB1 is disabled by default in Samba from version 4.11.0 and onwards). This prevents the creation or querying of symbolic links via SMB1. If SMB1 must be enabled for backwards compatibility then add the parameter:\n```\nunix extensions = no\n```\nto the [global] section of your smb.conf and restart smbd. This prevents SMB1 clients from creating or reading symlinks on the exported file system.\nHowever, if the same region of the file system is also exported allowing write access via NFS, NFS clients can create symlinks that allow SMB1 with unix extensions clients to discover the existance of the NFS created symlink targets. For non-patched versions of Samba we recommend only exporting areas of the file system by either SMB2 or NFS, not both."}, "name": "CVE-2021-44141", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "samba", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "samba4", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "samba", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "samba", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2022-01-31T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2021-44141\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-44141\nhttps://www.samba.org/samba/security/CVE-2021-44141.html"], "threat_severity": "Moderate", "upstream_fix": "samba 4.13.17, samba 4.14.12, samba 4.15.4"}