Korean
<< Back
VID 23332
Severity 40
Port 139
Protocol TCP
Class Samba
Detailed Description The version of Samba running on the remote host is 4.13.x prior to 4.13.17, 4.14.x prior to 4.14.12, or 4.15.x prior to 4.15.5. It is, therefore, affected by multiple vulnerabilities:

- Out-of-bounds heap read/write vulnerability in VFS module vfs_fruit allows code execution. (CVE-2021-44142)

- Information leak via symlinks of existence of files or directories outside of the exported share. (CVE-2021-44141)

- Samba AD users with permission to write to an account can impersonate arbitrary services. (CVE-2022-0336)

* References:
https://www.samba.org/samba/history/security.html
https://www.samba.org/samba/security/CVE-2021-44141.html
https://www.samba.org/samba/security/CVE-2021-44142.html
https://www.samba.org/samba/security/CVE-2022-0336.html

* Platforms Affected:
Samba Project, Samba versions 4.15.x prior to 4.15.5
Linux Any version
Unix Any version
Recommendation Upgrade to the latest version of Samba 4.15.5 or later, available from the Samba Web site at https://www.samba.org/samba/download/
Related URL CVE-2021-44141,CVE-2021-44142,CVE-2022-0336 (CVE)
Related URL (SecurityFocus)
Related URL (ISS)