Updated: 2023-11-04 20:55:57.573754
Description:
All versions of Samba prior to 4.15.5 are vulnerable to a malicious client using a server symlink to determine if a file or directory exists in an area of the server file system not exported under the share definition. SMB1 with unix extensions has to be enabled in order for this attack to succeed.
Links | NIST | CIRCL | RHEL | Ubuntu |
Severity | Score | |
---|---|---|
CVSS Version 2.x | LOW | 3.5 |
CVSS Version 3.x | MEDIUM | 4.3 |
OS name | Project name | Version | Score | Severity | Status | Errata | Last updated |
---|---|---|---|---|---|---|---|
CentOS 6 ELS | samba | 3.6.23 | 4.3 | MEDIUM | Not Vulnerable | 2022-02-23 14:48:36 | |
CentOS 8.4 ELS | samba | 4.13.3-5 | 4.3 | MEDIUM | Ignored | 2022-06-10 11:37:56 | |
CentOS 8.5 ELS | samba | 4.14.5-7 | 4.3 | MEDIUM | Ignored | 2022-06-10 11:37:56 | |
CloudLinux 6 ELS | samba | 3.6.23 | 4.3 | MEDIUM | Not Vulnerable | 2022-02-23 14:48:36 | |
Oracle Linux 6 ELS | samba | 3.6.23 | 4.3 | MEDIUM | Not Vulnerable | 2022-02-23 14:48:36 | |
Ubuntu 16.04 ELS | samba | 4.3.11 | 4.3 | MEDIUM | Ignored | 2022-02-23 14:48:36 | |
Ubuntu 18.04 ELS | samba | 4.7.6 | 4.3 | MEDIUM | Ignored | 2023-03-02 04:04:13 |
It is impossible to backport security patches to samba versions prior to 4.15.0. The fix of vulnerability requires a massive rewrite of a projects's internal code. Upgrading package is not reasonable due to medium severity of vulnerability. For more details check out an article about fixing samba: https://lwn.net/Articles/884052/