| Name | CVE-2021-43566 |
| Description | All versions of Samba prior to 4.13.16 are vulnerable to a malicious client using an SMB1 or NFS race to allow a directory to be created in an area of the server file system not exported under the share definition. Note that SMB1 has to be enabled, or the share also available via NFS in order for this attack to succeed. |
| Source | CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more) |
| Debian Bugs | 1004691 |
Vulnerable and fixed packages
The table below lists information on source packages.
| Source Package | Release | Version | Status |
|---|
| samba (PTS) | jessie, jessie (lts) | 2:4.2.14+dfsg-0+deb8u15 | vulnerable |
| stretch (security), stretch (lts), stretch | 2:4.5.16+dfsg-1+deb9u4 | vulnerable |
| buster | 2:4.9.5+dfsg-5+deb10u3 | vulnerable |
| buster (security) | 2:4.9.5+dfsg-5+deb10u5 | vulnerable |
| bullseye | 2:4.13.13+dfsg-1~deb11u5 | fixed |
| bullseye (security) | 2:4.13.13+dfsg-1~deb11u6 | fixed |
| bookworm (security), bookworm | 2:4.17.12+dfsg-0+deb12u1 | fixed |
| trixie | 2:4.19.5+dfsg-1 | fixed |
| sid | 2:4.19.6+dfsg-1 | fixed |
The information below is based on the following data on fixed versions.
| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|
| samba | source | experimental | 2:4.16.0+dfsg-1 | | | |
| samba | source | bullseye | 2:4.13.13+dfsg-1~deb11u4 | | | |
| samba | source | (unstable) | 2:4.16.0+dfsg-2 | | | 1004691 |
Notes
[buster] - samba <ignored> (Minor issue; no backport to older versions, mitigations exists)
https://www.samba.org/samba/security/CVE-2021-43566.html
https://bugzilla.samba.org/show_bug.cgi?id=13979
[stretch] - samba <ignored> (Minor issue; no backport to older versions, mitigations exists)
[jessie] - samba <ignored> (Minor issue; no backport to older versions, mitigations exists)