Security Bulletin: IBM i is vulnerable to bypass security restrictions due to Samba SMB1 (CVE-2021-43566 and CVE-2021-44141)

Summary

Samba is available on IBM i to provide file system access. Samba is vulnerable to the issues described in the vulnerability details section. IBM i has addressed the applicable CVEs in the Samba implementation by providing a fix.

Vulnerability Details

CVEID:CVE-2021-43566
**DESCRIPTION:**Samba could allow a remote authenticated attacker to bypass security restrictions, caused by a symlink race error. By using a specially-crafted SMB1 or NFS symlink, an attacker could exploit this vulnerability to create a directory in a part of the server file system not exported under the share definition.
CVSS Base score: 2.6
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/217058 for the current score.
CVSS Vector: (CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N)

CVEID:CVE-2021-44141
**DESCRIPTION:**Samba could allow a remote authenticated attacker to obtain sensitive information. By querying a symlink inside the exported share using SMB1 with unix extensions turned on, an attacker could exploit this vulnerability to discover if a named or directory exists on the filesystem outside of the exported share.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/218468 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)

Affected Products and Versions

Remediation/Fixes

The issues can be fixed by applying a PTF to IBM i. Releases 7.4 and 7.3 of IBM i will be fixed.

The IBM i PTF numbers containing the fix for the CVEs are:

Release 7.4 - SI78680
Release 7.3 - SI78679

https://www.ibm.com/support/fixcentral

_Important note: _IBM recommends that all users running unsupported versions of affected products upgrade to supported and fixed version of affected products.

Workarounds and Mitigations

None