CVE-2021-44141

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2021-44141
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-44141.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2021-44141
Downstream
Related
Published
2022-02-21T18:15:08.493Z
Modified
2026-03-15T22:42:27.307870Z
Severity
  • 4.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVSS Calculator
Summary
[none]
Details

All versions of Samba prior to 4.15.5 are vulnerable to a malicious client using a server symlink to determine if a file or directory exists in an area of the server file system not exported under the share definition. SMB1 with unix extensions has to be enabled in order for this attack to succeed.

References

Affected packages

Git / github.com/samba-team/samba

Affected ranges

Type
GIT
Repo
https://github.com/samba-team/samba
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
27bd8a323591486e76e916a6084c7300bf358eec
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
4fba936a8ab9afbdb7eaf2789d57850fbec35a77
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "4.15.5"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "3.0"
        }
    ]
}

Database specific

unresolved_ranges 
[
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "34"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "35"
            }
        ]
    }
]
source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-44141.json"