56 matches found
Astra Linux - vulnerability in samba
All versions of Samba prior to 4.15.5 are vulnerable to a malicious client that can use a server symlink to determine whether a file or directory exists in a part of the server file system that is not exported under the share definition. This attack can only succeed if SMB1 with unix extensions i...
Azure Linux 3.0 Security Update: samba (CVE-2021-44141)
The version of samba installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2021-44141 advisory. - All versions of Samba prior to 4.15.5 are vulnerable to a malicious client using a server symlink to determin...
EUVD-2010-1179
Malware in sbrugna...
EUVD-2021-30994
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2021-44141
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - All versions of Samba prior to 4.15.5 are vulnerable to a malicious client using a server symlink to determine if a file or directory exists in an area of the...
CVE-2021-44141
...
K45752041: Samba vulnerability CVE-2021-44141
Security Advisory Description All versions of Samba prior to 4.15.5 are vulnerable to a malicious client using a server symlink to determine if a file or directory exists in an area of the server file system not exported under the share definition. SMB1 with unix extensions has to be enabled in...
SUSE CVE-2006-5871
smbfs in Linux kernel 2.6.8 and other versions, and 2.4.x before 2.4.34, when UNIX extensions are enabled, ignores certain mount options, which could cause clients to use server-specified uid, gid and mode settings...
SUSE CVE-2007-3740
The CIFS filesystem in the Linux kernel before 2.6.22, when Unix extension support is enabled, does not honor the umask of a process, which allows local users to gain privileges...
SUSE CVE-2010-0926
The default configuration of smbd in Samba before 3.3.11, 3.4.x before 3.4.6, and 3.5.x before 3.5.0rc3, when a writable share exists, allows remote authenticated users to leverage a directory traversal vulnerability, and access arbitrary files, by using the symlink command in smbclient to create...
SUSE CVE-2010-1148
The cifs_create function in fs/cifs/dir.c in the Linux kernel 2.6.33.2 and earlier allows local users to cause a denial of service (NULL pointer dereference and OOPS) or possibly have unspecified other impact via a NULL nameidata (aka nd) field in a POSIX file-creation request to a server that support...
SUSE CVE-2021-44141
All versions of Samba prior to 4.15.5 are vulnerable to a malicious client using a server symlink to determine if a file or directory exists in an area of the server file system not exported under the share definition. SMB1 with unix extensions has to be enabled in order for this attack to succee...
SUSE CVE-2022-3592
A symlink following vulnerability was found in Samba, where a user can create a symbolic link that will make 'smbd' escape the configured share path. This flaw allows a remote user with access to the exported part of the file system under a share via SMB1 unix extensions or NFS to create symlinks...
CVE-2022-3592
A symlink following vulnerability was found in Samba, where a user can create a symbolic link that will make 'smbd' escape the configured share path. This flaw allows a remote user with access to the exported part of the file system under a share via SMB1 unix extensions or NFS to create symlinks...
PT-2022-5231 · Samba +1
Name of the Vulnerable Software and Affected Versions: Samba affected versions not specified Description: A symlink following vulnerability was found in Samba, where a user can create a symbolic link that will make 'smbd' escape the configured share path. This flaw allows a remote user with acces...
The vulnerability affects Unix extensions such as SMB1 and NFS, which are components of network communication software like Samba. This vulnerability allows attackers to compromise data integrity.
The vulnerability in Unix extensions such as SMB1 and NFS in network communication software such as Samba is related to concurrent execution using a shared resource with improper synchronization. Exploiting this vulnerability allows an attacker to compromise data integrity...
OESA-2022-1770 samba security update
Samba is a suite of programs for Linux and Unix to interoperate with Windows. Security Fixes: All versions of Samba prior to 4.15.5 are vulnerable to a malicious client using a server symlink to determine if a file or directory exists in an area of the server file system not exported under the...
Oracle Linux 8 : samba (ELSA-2022-2074)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-2074 advisory. - resolves: rhbz2046127 - Fix CVE-2021-44141 - resolves: rhbz2046153 - Fix CVE-2021-44142 - resolves: rhbz2039153 - Fix CVE-2021-20316 - resolves:...
samba: Information leak via symlinks of existence of files or directories outside of the exported share
A vulnerability was found in Samba due to insecure link following. By querying a symlink inside the exported share using SMB1 with unix extensions turned on, an attacker can discover if a named file or directory exists on the filesystem outside the exported share. This flaw allows a remote...
QNAP QTS / QuTS hero Multiple Vulnerabilities in Samba (QSA-22-03)
The version of QNAP QTS or QuTS hero on the remote host is affected by multiple vulnerabilities in the Samba component, as follows: - The Samba vfs_fruit module uses extended file attributes (EA, xattr) to provide '...enhanced compatibility with Apple SMB clients and interoperability with a Netatalk...