vulnerability

Oracle Linux: CVE-2021-44141: ELSA-2022-2074: samba security, bug fix, and enhancement update (MODERATE)

Try Surface Command
Back to search
Severity
3
CVSS
(AV:N/AC:M/Au:S/C:P/I:N/A:N)
Published
Jan 31, 2022
Added
May 18, 2022
Modified
Dec 3, 2025

Description

All versions of Samba prior to 4.15.5 are vulnerable to a malicious client using a server symlink to determine if a file or directory exists in an area of the server file system not exported under the share definition. SMB1 with unix extensions has to be enabled in order for this attack to succeed.
A vulnerability was found in Samba due to an insecure link following. By querying a symlink inside the exported share using SMB1 with unix extensions turned on, an attacker can discover if a named or directory exists on the filesystem outside the exported share. This flaw allows a remote authenticated attacker to obtain sensitive information.

Solutions

oracle-linux-upgrade-ctdboracle-linux-upgrade-libsmbclientoracle-linux-upgrade-libsmbclient-develoracle-linux-upgrade-libwbclientoracle-linux-upgrade-libwbclient-develoracle-linux-upgrade-python3-sambaoracle-linux-upgrade-python3-samba-testoracle-linux-upgrade-sambaoracle-linux-upgrade-samba-clientoracle-linux-upgrade-samba-client-libsoracle-linux-upgrade-samba-commonoracle-linux-upgrade-samba-common-libsoracle-linux-upgrade-samba-common-toolsoracle-linux-upgrade-samba-develoracle-linux-upgrade-samba-krb5-printingoracle-linux-upgrade-samba-libsoracle-linux-upgrade-samba-pidloracle-linux-upgrade-samba-testoracle-linux-upgrade-samba-test-libsoracle-linux-upgrade-samba-vfs-iouringoracle-linux-upgrade-samba-winbindoracle-linux-upgrade-samba-winbind-clientsoracle-linux-upgrade-samba-winbind-krb5-locatororacle-linux-upgrade-samba-winbind-modulesoracle-linux-upgrade-samba-winexe

References

Title
Rapid7 Labs

2026 Global Threat Landscape Report

The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.

Get report