Description
All versions of Samba prior to 4.13.16 are vulnerable to a malicious client using an SMB1 or NFS race to allow a directory to be created in an area of the server file system not exported under the share definition. Note that SMB1 has to be enabled, or the share also available via NFS in order for this attack to succeed.
References (3)
Core 3
Core References
Exploit, Issue Tracking, Vendor Advisory x_refsource_misc
https://bugzilla.samba.org/show_bug.cgi?id=13979
Third Party Advisory x_refsource_confirm
https://security.netapp.com/advisory/ntap-20220110-0001/
Patch, Vendor Advisory x_refsource_misc
https://www.samba.org/samba/security/CVE-2021-43566.html
Scores
CVSS v3
2.5
EPSS
0.0036
EPSS Percentile
58.3%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N
Details
CWE
CWE-362
Status
published
Products (1)
samba/samba
< 4.13.16
Published
Jan 11, 2022
Tracked Since
Feb 18, 2026