Описание
All versions of Samba prior to 4.13.16 are vulnerable to a malicious client using an SMB1 or NFS race to allow a directory to be created in an area of the server file system not exported under the share definition. Note that SMB1 has to be enabled, or the share also available via NFS in order for this attack to succeed.
Меры по смягчению последствий
Do not enable SMB1 (please note SMB1 is disabled by default in Samba from version 4.11.0 and onwards). This prevents the creation of symbolic links via SMB1. If SMB1 must be enabled for backwards compatibility then add the parameter: unix extensions = no to the [global] section of your smb.conf and restart smbd. This prevents SMB1 clients from creating symlinks on the exported file system. However, if the same region of the file system is also exported using NFS, NFS clients can create symlinks that potentially can also hit the race condition. For non-patched versions of Samba we recommend only exporting areas of the file system by either SMB2 or NFS, not both.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 6 | samba | Out of support scope | ||
| Red Hat Enterprise Linux 6 | samba4 | Out of support scope | ||
| Red Hat Enterprise Linux 7 | samba | Out of support scope | ||
| Red Hat Enterprise Linux 9 | samba | Not affected | ||
| Red Hat Storage 3 | samba | Affected | ||
| Red Hat Enterprise Linux 8 | samba | Fixed | RHBA-2021:4438 | 09.11.2021 |
| Red Hat Enterprise Linux 8 | samba | Fixed | RHBA-2021:4438 | 09.11.2021 |
Показывать по
Дополнительная информация
Статус:
2.6 Low
CVSS3
Связанные уязвимости
All versions of Samba prior to 4.13.16 are vulnerable to a malicious client using an SMB1 or NFS race to allow a directory to be created in an area of the server file system not exported under the share definition. Note that SMB1 has to be enabled, or the share also available via NFS in order for this attack to succeed.
All versions of Samba prior to 4.13.16 are vulnerable to a malicious client using an SMB1 or NFS race to allow a directory to be created in an area of the server file system not exported under the share definition. Note that SMB1 has to be enabled, or the share also available via NFS in order for this attack to succeed.
All versions of Samba prior to 4.13.16 are vulnerable to a malicious c ...
All versions of Samba prior to 4.13.16 are vulnerable to a malicious client using an SMB1 or NFS race to allow a directory to be created in an area of the server file system not exported under the share definition. Note that SMB1 has to be enabled, or the share also available via NFS in order for this attack to succeed.
2.6 Low
CVSS3