CVE-2021-44141
MEDIUM
Samba < 4.15.5 - Unauthenticated Exposure of Sensitive Information via SMB1 Symlink
Title source: llm
Description
All versions of Samba prior to 4.15.5 are vulnerable to a malicious client using a server symlink to determine if a file or directory exists in an area of the server file system not exported under the share definition. SMB1 with unix extensions has to be enabled in order for this attack to succeed.
References (2)
Core References
Third Party Advisory vendor-advisory
https://security.gentoo.org/glsa/202309-06
Mitigation, Vendor Advisory
https://www.samba.org/samba/security/CVE-2021-44141.html
Scores
CVSS v3
4.3
EPSS
0.0031
EPSS Percentile
54.1%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Details
CWE
CWE-200
CWE-59
Status
published
Products (4)
fedoraproject/fedora
34
fedoraproject/fedora
35
redhat/storage
3.0
samba/samba
< 4.15.5
Published
Feb 21, 2022
Tracked Since
Feb 18, 2026