rpm package
almalinux/samba-vfs-iouring
pkg:rpm/almalinux/samba-vfs-iouring
Vulnerabilities (23)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2021-44141 | — | < 4.15.5-5.el8 | 4.15.5-5.el8 | Feb 21, 2022 | All versions of Samba prior to 4.15.5 are vulnerable to a malicious client using a server symlink to determine if a file or directory exists in an area of the server file system not exported under the share definition. SMB1 with unix extensions has to be enabled in order for this | ||
| CVE-2020-25717 | — | < 4.14.5-7.el8_5 | 4.14.5-7.el8_5 | Feb 18, 2022 | A flaw was found in the way Samba maps domain users to local users. An authenticated attacker could use this flaw to cause possible privilege escalation. | ||
| CVE-2016-2124 | — | < 4.14.5-7.el8_5 | 4.14.5-7.el8_5 | Feb 18, 2022 | A flaw was found in the way samba implemented SMB1 authentication. An attacker could use this flaw to retrieve the plaintext password sent over the wire even if Kerberos authentication was required. |
- CVE-2021-44141Feb 21, 2022affected < 4.15.5-5.el8fixed 4.15.5-5.el8
All versions of Samba prior to 4.15.5 are vulnerable to a malicious client using a server symlink to determine if a file or directory exists in an area of the server file system not exported under the share definition. SMB1 with unix extensions has to be enabled in order for this
- CVE-2020-25717Feb 18, 2022affected < 4.14.5-7.el8_5fixed 4.14.5-7.el8_5
A flaw was found in the way Samba maps domain users to local users. An authenticated attacker could use this flaw to cause possible privilege escalation.
- CVE-2016-2124Feb 18, 2022affected < 4.14.5-7.el8_5fixed 4.14.5-7.el8_5
A flaw was found in the way samba implemented SMB1 authentication. An attacker could use this flaw to retrieve the plaintext password sent over the wire even if Kerberos authentication was required.
Page 2 of 2