All versions of Samba prior to 4.15.5 are vulnerable to a malicious client using a server symlink to determine if a file or directory exists in an area of the server file system not exported under the share definition. SMB1 with unix extensions has to be enabled in order for this attack to succeed.

🗓️ 15 Oct 2024 07:00:00Reported by MicrosoftType

mscve

mscve🔗 msrc.microsoft.com👁 1 Views

Samba pre-4.15.5 allows probing outside share via server symlinks with SMB1 Unix extensions.

Reporter	Title	Published	Views	Family All 123
IBM Security Bulletins	Security Bulletin: IBM i is vulnerable to bypass security restrictions due to Samba SMB1 (CVE-2021-43566 and CVE-2021-44141)	2 Mar 202214:24	–	ibm
FreeBSD	samba -- Multiple Vulnerabilities	31 Jan 202200:00	–	freebsd
Tenable Nessus	Amazon Linux 2022 : ctdb, ctdb-pcp-pmda, libsmbclient (ALAS2022-2022-022)	11 Dec 202400:00	–	nessus
Tenable Nessus	Amazon Linux 2022 : samba (ALAS2022-2022-224)	10 Dec 202200:00	–	nessus
Tenable Nessus	Amazon Linux 2023 : libnetapi, libnetapi-devel, libsmbclient (ALAS2023-2023-032)	21 Mar 202300:00	–	nessus
Tenable Nessus	Alibaba Cloud Linux 3 : 0176: samba (ALINUX3-SA-2022:0176)	14 May 202500:00	–	nessus
Tenable Nessus	AlmaLinux 8 : samba (ALSA-2022:2074)	12 May 202200:00	–	nessus
Tenable Nessus	Azure Linux 3.0 Security Update: samba (CVE-2021-44141)	22 Jan 202600:00	–	nessus
Tenable Nessus	CentOS 8 : samba (CESA-2022:2074)	10 May 202200:00	–	nessus
Tenable Nessus	FreeBSD : samba -- Multiple Vulnerabilities (8579074c-839f-11ec-a3b2-005056a311d1)	2 Feb 202200:00	–	nessus

Vulners

Node

microsoft azl3_samba_4.18.3-1Range<4.18.3-1

15 Oct 2024 07:00Current

6.5Medium risk

Vulners AI Score6.5

CVSS 23.5

CVSS 3.14.3

EPSS0.00308

samba server symlinks unix extensions version 4.15.5