2.5 Low
CVSS3
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N
1.2 Low
CVSS2
Access Vector
LOCAL
Access Complexity
HIGH
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:L/AC:H/Au:N/C:N/I:P/A:N
0.001 Low
EPSS
Percentile
44.3%
All versions of Samba prior to 4.13.16 are vulnerable to a malicious client using an SMB1 or NFS race to allow a directory to be created in an area of the server file system not exported under the share definition. Note that SMB1 has to be enabled, or the share also available via NFS in order for this attack to succeed.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Debian | 12 | all | samba | < 2:4.16.0+dfsg-2 | samba_2:4.16.0+dfsg-2_all.deb |
Debian | 11 | all | samba | < 2:4.13.13+dfsg-1~deb11u4 | samba_2:4.13.13+dfsg-1~deb11u4_all.deb |
Debian | 10 | all | samba | <= 2:4.9.5+dfsg-5+deb10u3 | samba_2:4.9.5+dfsg-5+deb10u3_all.deb |
Debian | 999 | all | samba | < 2:4.16.0+dfsg-2 | samba_2:4.16.0+dfsg-2_all.deb |
Debian | 13 | all | samba | < 2:4.16.0+dfsg-2 | samba_2:4.16.0+dfsg-2_all.deb |
2.5 Low
CVSS3
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N
1.2 Low
CVSS2
Access Vector
LOCAL
Access Complexity
HIGH
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:L/AC:H/Au:N/C:N/I:P/A:N
0.001 Low
EPSS
Percentile
44.3%