Back to bug 2046120
| Who | When | What | Removed | Added |
|---|---|---|---|---|
| Huzaifa S. Sidhpurwala | 2022-01-26 09:57:29 UTC | CC | security-response-team | |
| Huzaifa S. Sidhpurwala | 2022-01-26 09:58:15 UTC | Blocks | 2046121 | |
| Huzaifa S. Sidhpurwala | 2022-01-26 10:01:20 UTC | Depends On | 2046129, 2046127 | |
| Huzaifa S. Sidhpurwala | 2022-01-26 10:04:53 UTC | Fixed In Version | samba 4.13.17, samba 4.14.12, samba 4.15.4 | |
| Hardik Vyas | 2022-01-26 13:31:54 UTC | Depends On | 2046262 | |
| Guenther Deschner | 2022-01-28 14:29:39 UTC | Link ID | Samba Project 14911 | |
| Huzaifa S. Sidhpurwala | 2022-01-31 14:19:16 UTC | CC | iboukris, jstephen, lmohanty, madam, rhs-smb, sbose, ssorce | |
| Summary | EMBARGOED CVE-2021-44141 samba: Information leak via symlinks of existance of files or directories outside of the exported share | CVE-2021-44141 samba: Information leak via symlinks of existance of files or directories outside of the exported share | ||
| Deadline | 2022-01-31 | |||
| Group | qe_staff, security | |||
| Huzaifa S. Sidhpurwala | 2022-01-31 14:19:39 UTC | Depends On | 2048566 | |
| errata-xmlrpc | 2022-05-10 04:16:02 UTC | Link ID | Red Hat Product Errata RHSA-2022:1756 | |
| errata-xmlrpc | 2022-05-10 15:15:40 UTC | Link ID | Red Hat Product Errata RHSA-2022:2074 | |
| Product Security DevOps Team | 2022-05-12 03:15:15 UTC | Status | NEW | CLOSED |
| Resolution | --- | ERRATA | ||
| Last Closed | 2022-05-12 03:15:15 UTC | |||
| TEJ RATHI | 2023-07-11 08:37:23 UTC | Doc Text | A vulnerability was found in Samba which exists due to insecure link following. By querying a symlink inside the exported share using SMB1 with unix extensions turned on, an attacker could exploit this vulnerability to discover if a named or directory exists on the filesystem outside of the exported share. This flaw could allow a remote authenticated attacker to obtain sensitive information. | |
| RaTasha Tillery-Smith | 2023-07-11 13:31:35 UTC | Doc Text | A vulnerability was found in Samba which exists due to insecure link following. By querying a symlink inside the exported share using SMB1 with unix extensions turned on, an attacker could exploit this vulnerability to discover if a named or directory exists on the filesystem outside of the exported share. This flaw could allow a remote authenticated attacker to obtain sensitive information. | A vulnerability was found in Samba due to an insecure link following. By querying a symlink inside the exported share using SMB1 with unix extensions turned on, an attacker can discover if a named or directory exists on the filesystem outside the exported share. This flaw allows a remote authenticated attacker to obtain sensitive information. |
Back to bug 2046120