Retour
-
Titre
About Samba's vulnerabilities (CVE-2021-44141,CVE-2021-44142 and CVE-2022-0336) -
Description
Vulnerabilities were found in multiple versions of Samba that could have the following impact to the affected systems:
1. Denial of service.
2. Information leak.
3. Arbitrary code execution by remote attackers.
More information about these vulnerabilities can be found here:
-
Cause
This is an industry-wide vulnerability affecting Samba itself and is not specific to SSB. -
Résolution
1. CVE-2022-0336 – SSB does not act as a Samba AD domain controller.
2. CVE-2021-4414 – By default, SSB does not share anything over CIFS on SSB. A user may choose to share certain data over CIFS, however, the minimum SMB version allowed for it is SMB 2.1. SMB version 1 must be used in order to exploit the vulnerability.
3. CVE-2021-44142 – SSB does not use the vfs_fruit module.
Therefore, SSB is not affected by the above vulnerabilities.