Unrated severityNVD Advisory· Published Jan 11, 2022· Updated Aug 4, 2024
CVE-2021-43566
CVE-2021-43566
Description
All versions of Samba prior to 4.13.16 are vulnerable to a malicious client using an SMB1 or NFS race to allow a directory to be created in an area of the server file system not exported under the share definition. Note that SMB1 has to be enabled, or the share also available via NFS in order for this attack to succeed.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
58- Samba/Sambadescription
- Range: <4.13.16
- osv-coords56 versionspkg:rpm/opensuse/apparmor&distro=openSUSE%20Leap%2015.3pkg:rpm/opensuse/krb5&distro=openSUSE%20Leap%2015.3pkg:rpm/opensuse/krb5-mini&distro=openSUSE%20Leap%2015.3pkg:rpm/opensuse/ldb&distro=openSUSE%20Leap%2015.3pkg:rpm/opensuse/libapparmor&distro=openSUSE%20Leap%2015.3pkg:rpm/opensuse/samba&distro=openSUSE%20Leap%2015.3pkg:rpm/opensuse/sssd&distro=openSUSE%20Leap%2015.3pkg:rpm/opensuse/talloc&distro=openSUSE%20Leap%2015.3pkg:rpm/opensuse/talloc-man&distro=openSUSE%20Leap%2015.3pkg:rpm/opensuse/tdb&distro=openSUSE%20Leap%2015.3pkg:rpm/opensuse/tevent&distro=openSUSE%20Leap%2015.3pkg:rpm/opensuse/tevent-man&distro=openSUSE%20Leap%2015.3pkg:rpm/suse/apparmor&distro=SUSE%20Linux%20Enterprise%20Micro%205.1pkg:rpm/suse/apparmor&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP3pkg:rpm/suse/apparmor&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Server%20Applications%2015%20SP3pkg:rpm/suse/apparmor&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5pkg:rpm/suse/apparmor&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5pkg:rpm/suse/apparmor&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP5pkg:rpm/suse/ca-certificates&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5pkg:rpm/suse/ca-certificates&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5pkg:rpm/suse/gnutls&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5pkg:rpm/suse/gnutls&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5pkg:rpm/suse/krb5&distro=SUSE%20Linux%20Enterprise%20Micro%205.1pkg:rpm/suse/krb5&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP3pkg:rpm/suse/krb5&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Server%20Applications%2015%20SP3pkg:rpm/suse/ldb&distro=SUSE%20Linux%20Enterprise%20Micro%205.1pkg:rpm/suse/ldb&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP3pkg:rpm/suse/libapparmor&distro=SUSE%20Linux%20Enterprise%20Micro%205.1pkg:rpm/suse/libapparmor&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP3pkg:rpm/suse/libnettle&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5pkg:rpm/suse/libnettle&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5pkg:rpm/suse/p11-kit&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5pkg:rpm/suse/p11-kit&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5pkg:rpm/suse/p11-kit&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP5pkg:rpm/suse/samba&distro=SUSE%20Linux%20Enterprise%20High%20Availability%20Extension%2012%20SP5pkg:rpm/suse/samba&distro=SUSE%20Linux%20Enterprise%20High%20Availability%20Extension%2015%20SP3pkg:rpm/suse/samba&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP3pkg:rpm/suse/samba&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Python%202%2015%20SP3pkg:rpm/suse/samba&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5pkg:rpm/suse/samba&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5pkg:rpm/suse/samba&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP5pkg:rpm/suse/sssd&distro=SUSE%20Linux%20Enterprise%20Micro%205.1pkg:rpm/suse/sssd&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP3pkg:rpm/suse/sssd&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5pkg:rpm/suse/sssd&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5pkg:rpm/suse/sssd&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP5pkg:rpm/suse/talloc&distro=SUSE%20Linux%20Enterprise%20Micro%205.1pkg:rpm/suse/talloc&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP3pkg:rpm/suse/talloc-man&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP3pkg:rpm/suse/tdb&distro=SUSE%20Linux%20Enterprise%20Micro%205.1pkg:rpm/suse/tdb&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP3pkg:rpm/suse/tevent&distro=SUSE%20Linux%20Enterprise%20Micro%205.1pkg:rpm/suse/tevent&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP3pkg:rpm/suse/tevent-man&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP3pkg:rpm/suse/yast2-samba-client&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5pkg:rpm/suse/yast2-samba-client&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5
< 2.13.6-150300.3.11.2+ 55 more
- (no CPE)range: < 2.13.6-150300.3.11.2
- (no CPE)range: < 1.19.2-150300.8.3.2
- (no CPE)range: < 1.19.2-150300.8.3.2
- (no CPE)range: < 2.4.1-150300.3.10.1
- (no CPE)range: < 2.13.6-150300.3.11.1
- (no CPE)range: < 4.15.4+git.324.8332acf1a63-150300.3.25.3
- (no CPE)range: < 1.16.1-150300.23.17.3
- (no CPE)range: < 2.3.3-150300.3.3.2
- (no CPE)range: < 2.3.3-150300.3.3.1
- (no CPE)range: < 1.4.4-150300.3.3.2
- (no CPE)range: < 0.11.0-150300.3.3.2
- (no CPE)range: < 0.11.0-150300.3.3.1
- (no CPE)range: < 2.13.6-150300.3.11.2
- (no CPE)range: < 2.13.6-150300.3.11.2
- (no CPE)range: < 2.13.6-150300.3.11.2
- (no CPE)range: < 2.8.2-56.6.3
- (no CPE)range: < 2.8.2-56.6.3
- (no CPE)range: < 2.8.2-56.6.3
- (no CPE)range: < 1_201403302107-15.3.3
- (no CPE)range: < 1_201403302107-15.3.3
- (no CPE)range: < 3.4.17-8.4.1
- (no CPE)range: < 3.4.17-8.4.1
- (no CPE)range: < 1.19.2-150300.8.3.2
- (no CPE)range: < 1.19.2-150300.8.3.2
- (no CPE)range: < 1.19.2-150300.8.3.2
- (no CPE)range: < 2.4.1-150300.3.10.1
- (no CPE)range: < 2.4.1-150300.3.10.1
- (no CPE)range: < 2.13.6-150300.3.11.1
- (no CPE)range: < 2.13.6-150300.3.11.1
- (no CPE)range: < 3.1-21.3.2
- (no CPE)range: < 3.1-21.3.2
- (no CPE)range: < 0.23.2-8.3.2
- (no CPE)range: < 0.23.2-8.3.2
- (no CPE)range: < 0.23.2-8.3.2
- (no CPE)range: < 4.15.4+git.324.8332acf1a63-3.54.1
- (no CPE)range: < 4.15.4+git.324.8332acf1a63-150300.3.25.3
- (no CPE)range: < 4.15.4+git.324.8332acf1a63-150300.3.25.3
- (no CPE)range: < 4.15.4+git.324.8332acf1a63-150300.3.25.3
- (no CPE)range: < 4.15.4+git.324.8332acf1a63-3.54.1
- (no CPE)range: < 4.15.4+git.324.8332acf1a63-3.54.1
- (no CPE)range: < 4.15.4+git.324.8332acf1a63-3.54.1
- (no CPE)range: < 1.16.1-150300.23.17.3
- (no CPE)range: < 1.16.1-150300.23.17.3
- (no CPE)range: < 1.16.1-7.28.9
- (no CPE)range: < 1.16.1-7.28.9
- (no CPE)range: < 1.16.1-7.28.9
- (no CPE)range: < 2.3.3-150300.3.3.2
- (no CPE)range: < 2.3.3-150300.3.3.2
- (no CPE)range: < 2.3.3-150300.3.3.1
- (no CPE)range: < 1.4.4-150300.3.3.2
- (no CPE)range: < 1.4.4-150300.3.3.2
- (no CPE)range: < 0.11.0-150300.3.3.2
- (no CPE)range: < 0.11.0-150300.3.3.2
- (no CPE)range: < 0.11.0-150300.3.3.1
- (no CPE)range: < 3.1.23-3.3.1
- (no CPE)range: < 3.1.23-3.3.1
Patches
Vulnerability mechanics
References
3- bugzilla.samba.org/show_bug.cgimitrex_refsource_MISC
- security.netapp.com/advisory/ntap-20220110-0001/mitrex_refsource_CONFIRM
- www.samba.org/samba/security/CVE-2021-43566.htmlmitrex_refsource_MISC
News mentions
0No linked articles in our index yet.