[3.5] samba: Symlink race allows access outside share definition (CVE-2017-2619)
All versions of Samba prior to 4.6.1, 4.5.7, 4.4.12 are vulnerable to
a malicious client using a symlink race to allow access to areas of
the server file system not exported under the share definition.
Samba uses the realpath() system call to ensure when a client requests
access to a pathname that it is under the exported share path on the
server file system.
References:
https://www.samba.org/samba/security/CVE-2017-2619.html
https://www.samba.org/samba/history/security.html
(from redmine: issue id 7051, created on 2017-03-24, closed on 2017-05-02)
- Relations:
- parent #7049 (closed)
- Changesets:
- Revision 2e74ac78 on 2017-03-27T14:43:56Z:
main/samba: security upgrade to 4.5.7 (CVE-2017-2619). Fixes #7051