Anolis OS update for samba



| Updated: 2025-03-28
Risk Low
Patch available YES
Number of vulnerabilities 2
CVE-ID CVE-2021-20316
CVE-2021-44141
CWE-ID CWE-362
CWE-59
Exploitation vector Network
Public exploit N/A
Vulnerable software
Anolis OS
Operating systems & Components / Operating system

samba-pidl
Operating systems & Components / Operating system package or component

samba-common
Operating systems & Components / Operating system package or component

samba-winexe
Operating systems & Components / Operating system package or component

samba-winbind-modules
Operating systems & Components / Operating system package or component

samba-winbind-krb5-locator
Operating systems & Components / Operating system package or component

samba-winbind-clients
Operating systems & Components / Operating system package or component

samba-winbind
Operating systems & Components / Operating system package or component

samba-test-libs
Operating systems & Components / Operating system package or component

samba-test
Operating systems & Components / Operating system package or component

samba-libs
Operating systems & Components / Operating system package or component

samba-krb5-printing
Operating systems & Components / Operating system package or component

samba-common-tools
Operating systems & Components / Operating system package or component

samba-common-libs
Operating systems & Components / Operating system package or component

samba-client-libs
Operating systems & Components / Operating system package or component

samba-client
Operating systems & Components / Operating system package or component

samba
Operating systems & Components / Operating system package or component

python3-samba-test
Operating systems & Components / Operating system package or component

python3-samba
Operating systems & Components / Operating system package or component

libwbclient
Operating systems & Components / Operating system package or component

libsmbclient
Operating systems & Components / Operating system package or component

ctdb
Operating systems & Components / Operating system package or component

Vendor OpenAnolis

Security Bulletin

This security bulletin contains information about 2 vulnerabilities.

1) Race condition

EUVDB-ID: #VU78991

Risk: Low

CVSSv4.0: 4.9 [CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-20316

CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Exploit availability: No

Description

The vulnerability allows a remote user to escalate privileges on the system.

The vulnerability exists due to a race condition. A remote user can exploit the race and gain unauthorized access to sensitive information and escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

Anolis OS: 8

samba-pidl: before 4.15.5-5.0.1

samba-common: before 4.15.5-5.0.1

samba-winexe: before 4.15.5-5.0.1

samba-winbind-modules: before 4.15.5-5.0.1

samba-winbind-krb5-locator: before 4.15.5-5.0.1

samba-winbind-clients: before 4.15.5-5.0.1

samba-winbind: before 4.15.5-5.0.1

samba-test-libs: before 4.15.5-5.0.1

samba-test: before 4.15.5-5.0.1

samba-libs: before 4.15.5-5.0.1

samba-krb5-printing: before 4.15.5-5.0.1

samba-common-tools: before 4.15.5-5.0.1

samba-common-libs: before 4.15.5-5.0.1

samba-client-libs: before 4.15.5-5.0.1

samba-client: before 4.15.5-5.0.1

samba: before 4.15.5-5.0.1

python3-samba-test: before 4.15.5-5.0.1

python3-samba: before 4.15.5-5.0.1

libwbclient: before 4.15.5-5.0.1

libsmbclient: before 4.15.5-5.0.1

ctdb: before 4.15.5-5.0.1

CPE2.3 External links

https://anas.openanolis.cn/errata/detail/ANSA-2022:0436


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Link following

EUVDB-ID: #VU60187

Risk: Low

CVSSv4.0: 1.3 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-44141

CWE-ID: CWE-59 - Improper Link Resolution Before File Access ('Link Following')

Exploit availability: No

Description

The vulnerability allows a remote user to gain access to sensitive information.

The vulnerability exists due to insecure link following. A remote user with ability to write files to the exported part of the file system under a share via SMB1 unix extensions or via NFS can create a symlink to determine if a file or directory exists in an area of the server file system not exported under the share definition.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

Anolis OS: 8

samba-pidl: before 4.15.5-5.0.1

samba-common: before 4.15.5-5.0.1

samba-winexe: before 4.15.5-5.0.1

samba-winbind-modules: before 4.15.5-5.0.1

samba-winbind-krb5-locator: before 4.15.5-5.0.1

samba-winbind-clients: before 4.15.5-5.0.1

samba-winbind: before 4.15.5-5.0.1

samba-test-libs: before 4.15.5-5.0.1

samba-test: before 4.15.5-5.0.1

samba-libs: before 4.15.5-5.0.1

samba-krb5-printing: before 4.15.5-5.0.1

samba-common-tools: before 4.15.5-5.0.1

samba-common-libs: before 4.15.5-5.0.1

samba-client-libs: before 4.15.5-5.0.1

samba-client: before 4.15.5-5.0.1

samba: before 4.15.5-5.0.1

python3-samba-test: before 4.15.5-5.0.1

python3-samba: before 4.15.5-5.0.1

libwbclient: before 4.15.5-5.0.1

libsmbclient: before 4.15.5-5.0.1

ctdb: before 4.15.5-5.0.1

CPE2.3 External links

https://anas.openanolis.cn/errata/detail/ANSA-2022:0436


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###