Home > Vulnerability Database > CVE-2021-44141

Mend.io Vulnerability Database

CVE-2021-44141

Date: February 20, 2022

All versions of Samba prior to 4.15.5 are vulnerable to a malicious client using a server symlink to determine if a file or directory exists in an area of the server file system not exported under the share definition. SMB1 with unix extensions has to be enabled in order for this attack to succeed.

Language: C

Severity Score

4.3

Related Resources (9)

Url: https://security.alpinelinux.org/vuln/CVE-2021-44141

Url: https://people.canonical.com/~ubuntu-security/cve/CVE-2021-44141

Url: https://access.redhat.com/security/cve/CVE-2021-44141

Url: https://www.samba.org/samba/security/CVE-2021-44141.html

Url: https://nvd.nist.gov/vuln/detail/CVE-2021-44141

Url: https://github.com/samba-team/samba/commit/43455edd29af00a0a4186f83557eec7481434170

Url: https://security-tracker.debian.org/tracker/CVE-2021-44141

Url: https://security.gentoo.org/glsa/202309-06

Url: https://www.mend.io/vulnerability-database/CVE-2021-44141

Severity Score

4.3

Weakness Type (CWE)

Exposure of Sensitive Information to an Unauthorized Actor

CWE-200

Improper Link Resolution Before File Access ('Link Following')

CWE-59

CVSS v3.1

Base Score:	4.3
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	NONE
Availability (A):	NONE

CVSS v2

Base Score:	3.5
Access Vector (AV):	NETWORK
Access Complexity (AC):	MEDIUM
Authentication (AU):	SINGLE
Confidentiality (C):	PARTIAL
Integrity (I):	NONE
Availability (A):	NONE
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2021-44141

Date: February 20, 2022

Language: C

Severity Score

Related Resources (9)

Severity Score

Weakness Type (CWE)

CVSS v3.1

CVSS v2

Do you need more information?