Vulnerabilities were found in multiple versions of Samba that could have the following impact to the affected systems:
1. Denial of service.
2. Information leak.
3. Arbitrary code execution by remote attackers.
More information about these vulnerabilities can be found here:
1. CVE-2022-0336 – SSB does not act as a Samba AD domain controller.
2. CVE-2021-4414 – By default, SSB does not share anything over CIFS on SSB. A user may choose to share certain data over CIFS, however, the minimum SMB version allowed for it is SMB 2.1. SMB version 1 must be used in order to exploit the vulnerability.
3. CVE-2021-44142 – SSB does not use the vfs_fruit module.Therefore, SSB is not affected by the above vulnerabilities.
© 2023 One Identity LLC. ALL RIGHTS RESERVED. Feedback Conditions d’utilisation Confidentialité