Astra Linux - уязвимость в samba

All versions of Samba prior to 4.15.5 are vulnerable to a malicious client that can use a server symlink to determine whether a file or directory exists in a part of the server file system that is not exported under the share definition. This attack can only succeed if SMB1 with unix extensions i...

Azure Linux 3.0 Security Update: samba (CVE-2021-44141)

The version of samba installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2021-44141 advisory. - All versions of Samba prior to 4.15.5 are vulnerable to a malicious client using a server symlink to determin...

Linux Distros Unpatched Vulnerability : CVE-2021-44141

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - All versions of Samba prior to 4.15.5 are vulnerable to a malicious client using a server symlink to determine if a file or directory exists in an area of the...

PT-2024-10126

The rsync software is affected by a path traversal issue, which arises from the behavior enabled by the --inc-recursive option. This option is default-enabled for many client options and can be enabled by the server even if not explicitly enabled by the client. When using the --inc-recursive...

SUSE CVE-2021-44141

All versions of Samba prior to 4.15.5 are vulnerable to a malicious client using a server symlink to determine if a file or directory exists in an area of the server file system not exported under the share definition. SMB1 with unix extensions has to be enabled in order for this attack to succee...

OESA-2022-1770 samba security update

Samba is a suite of programs for Linux and Unix to interoperate with Windows. Security Fixes: All versions of Samba prior to 4.15.5 are vulnerable to a malicious client using a server symlink to determine if a file or directory exists in an area of the server file system not exported under the...

Oracle Linux 8 : samba (ELSA-2022-2074)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-2074 advisory. - resolves: rhbz2046127 - Fix CVE-2021-44141 - resolves: rhbz2046153 - Fix CVE-2021-44142 - resolves: rhbz2039153 - Fix CVE-2021-20316 - resolves:...

AZL-8610 CVE-2021-44141 affecting package samba 4.12.5-7

All versions of Samba prior to 4.15.5 are vulnerable to a malicious client using a server symlink to determine if a file or directory exists in an area of the server file system not exported under the share definition. SMB1 with unix extensions has to be enabled in order for this attack to succee...

ALPINE-CVE-2021-44141

All versions of Samba prior to 4.15.5 are vulnerable to a malicious client using a server symlink to determine if a file or directory exists in an area of the server file system not exported under the share definition. SMB1 with unix extensions has to be enabled in order for this attack to succee...

DEBIAN-CVE-2021-44141

All versions of Samba prior to 4.15.5 are vulnerable to a malicious client using a server symlink to determine if a file or directory exists in an area of the server file system not exported under the share definition. SMB1 with unix extensions has to be enabled in order for this attack to succee...

SUSE SLES12 Security Update : samba (SUSE-SU-2022:0323-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:0323-1 advisory. - Kerberos acceptors need easy access to stable AD identifiers eg objectSid. Samba as an AD DC now provides a way for Linux...

Samba 4.5.2 - Symlink Race Permits Opening Files Outside Share Directory

Samba 4.5.2 - Symlink Race Permits Opening Files Outside Share Directory Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1039 The Samba server is supposed to only grant access to configured share directories unless "wide links" are enabled, in which case the server is allowed to...

CVE-2012-4417

GlusterFS 3.3.0, as used in Red Hat Storage server 2.0, allows local users to overwrite arbitrary files via a symlink attack on temporary files with predictable names...

CVE-2012-4417

GlusterFS 3.3.0, as used in Red Hat Storage server 2.0, allows local users to overwrite arbitrary files via a symlink attack on temporary files with predictable names...

CVE-2000-0015

CascadeView TFTP server allows local users to gain privileges via a symlink attack...