Information Exposure Affecting samba package, versions [,4.11.0)


0.0
medium
  • Attack Complexity

    Low

  • snyk-id

    SNYK-UNMANAGED-SAMBA-2961662

  • published

    28 Jul 2022

  • disclosed

    27 Jul 2022

  • credit

    Luca Moro

How to fix?

Upgrade samba to version 4.11.0 or higher.

Overview

Affected versions of this package are vulnerable to Information Exposure. Some SMB1 write requests were not correctly range-checked to ensure the client had sent enough data to fulfill the write, allowing server memory contents to be written into the file (or printer) instead of client-supplied data. The client cannot control the area of the server memory written to the file (or printer).

Note: Samba versions 4.11.0 and above disable SMB1 by default, and will only be vulnerable if the administrator has deliberately enabled SMB1 in the smb.conf file.