Security Bulletin: A vulnerability in Samba affects IBM Spectrum Scale SMB protocol access method (CVE-2021-43566)

Summary

A Samba vulnerability affects IBM Spectrum Scale SMB protocol access method that could allow a remote attacker to bypass security restrictions and gain unauthorized access to files

Vulnerability Details

CVEID:CVE-2021-43566
**DESCRIPTION:**Samba could allow a remote authenticated attacker to bypass security restrictions, caused by a symlink race error. By using a specially-crafted SMB1 or NFS symlink, an attacker could exploit this vulnerability to create a directory in a part of the server file system not exported under the share definition.
CVSS Base score: 2.6
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/217058 for the current score.
CVSS Vector: (CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N)

Affected Products and Versions

Remediation/Fixes

For IBM Spectrum Scale V5.1.0 through V5.1.2.2, apply V5.1.3 or later available from FixCentral at :

https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=Software%20defined%20storage&product=ibm/StorageSoftware/IBM+Spectrum+Scale&release=5.1.3&platform=Linux+PPC64LE&function=all

Workarounds and Mitigations

None