CVE-2021-20316
samba: Symlink race error can allow metadata read and modify outside of the exported share
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
A flaw was found in the way Samba handled file/directory metadata. This flaw allows an authenticated attacker with permissions to read or modify share metadata, to perform this operation outside of the share.
Se ha encontrado un fallo en la forma en que Samba maneja los metadatos de los archivos/directorios. Este fallo permite a un atacante autenticado con permisos para leer o modificar los metadatos del recurso compartido, llevar a cabo esta operaciĆ³n fuera del recurso compartido.
Red Hat Gluster Storage is a software only scale-out storage solution that provides flexible and affordable unstructured data storage. It unifies data storage and infrastructure, increases performance, and improves availability and manageability to meet enterprise-level storage challenges. Issues addressed include an information leakage vulnerability.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2020-12-17 CVE Reserved
- 2022-05-10 CVE Published
- 2024-08-03 CVE Updated
- 2025-03-31 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CAPEC
References (6)
| URL | Tag | Source |
|---|---|---|
| https://security-tracker.debian.org/tracker/CVE-2021-20316 | Mitigation |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://access.redhat.com/security/cve/CVE-2021-20316 | 2022-05-10 | |
| https://bugzilla.redhat.com/show_bug.cgi?id=2009673 | 2022-05-10 | |
| https://bugzilla.samba.org/show_bug.cgi?id=14842 | 2023-09-17 | |
| https://security.gentoo.org/glsa/202309-06 | 2023-09-17 | |
| https://www.samba.org/samba/security/CVE-2021-20316.html | 2023-09-17 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Samba Search vendor "Samba" | Samba Search vendor "Samba" for product "Samba" | < 4.15.0 Search vendor "Samba" for product "Samba" and version " < 4.15.0" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 10.0 Search vendor "Debian" for product "Debian Linux" and version "10.0" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 11.0 Search vendor "Debian" for product "Debian Linux" and version "11.0" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Virtualization Host Search vendor "Redhat" for product "Virtualization Host" | 4.0 Search vendor "Redhat" for product "Virtualization Host" and version "4.0" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Search vendor "Redhat" for product "Enterprise Linux" | 8.0 Search vendor "Redhat" for product "Enterprise Linux" and version "8.0" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Aus Search vendor "Redhat" for product "Enterprise Linux Aus" | 8.6 Search vendor "Redhat" for product "Enterprise Linux Aus" and version "8.6" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Eus Search vendor "Redhat" for product "Enterprise Linux Eus" | 8.6 Search vendor "Redhat" for product "Enterprise Linux Eus" and version "8.6" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Tus Search vendor "Redhat" for product "Enterprise Linux Tus" | 8.6 Search vendor "Redhat" for product "Enterprise Linux Tus" and version "8.6" | - |
Affected
| ||||||