Samba Releases Security Update

Summary

Scheduled update for Samba addresses vulnerability CVE-2021-43566.


Affected platforms

The following platforms are known to be affected:

Threat details

Introduction

Samba has released a security update to address a vulnerability. All versions of Samba prior to 4.13.16 are vulnerable to a malicious client using an SMB1 or NFS symlink race to create a directory in an area of the server file system that is not exported under the share definition. At the time of publishing, no exploitation has been seen in the wild. An attacker could exploit this vulnerability to take control of an affected system.


Remediation advice

Affected organisations are encouraged to review the following Samba Security Announcement and apply the necessary update or workaround.



Last edited: 12 January 2022 12:40 pm