| VID |
23331 |
| Severity |
40 |
| Port |
139 |
| Protocol |
TCP |
| Class |
Samba |
| Detailed Description |
The version of Samba running on the remote host is 4.13.x prior to 4.13.17, 4.14.x prior to 4.14.12, or 4.15.x prior to 4.15.5. It is, therefore, affected by multiple vulnerabilities:
- Out-of-bounds heap read/write vulnerability in VFS module vfs_fruit allows code execution. (CVE-2021-44142)
- Information leak via symlinks of existence of files or directories outside of the exported share. (CVE-2021-44141)
- Samba AD users with permission to write to an account can impersonate arbitrary services. (CVE-2022-0336)
* References:
https://www.samba.org/samba/history/security.html
https://www.samba.org/samba/security/CVE-2021-44141.html
https://www.samba.org/samba/security/CVE-2021-44142.html
https://www.samba.org/samba/security/CVE-2022-0336.html
* Platforms Affected:
Samba Project, Samba versions 4.14.x prior to 4.14.12
Linux Any version
Unix Any version |
| Recommendation |
Upgrade to the latest version of Samba 4.14.12 or later, available from the Samba Web site at https://www.samba.org/samba/download/ |
| Related URL |
CVE-2021-44141,CVE-2021-44142,CVE-2022-0336 (CVE) |
| Related URL |
(SecurityFocus) |
| Related URL |
(ISS) |
|
