[3.2] samba: Symlink race allows access outside share definition (CVE-2017-2619)
All versions of Samba prior to 4.6.1, 4.5.7, 4.4.12 are vulnerable to
a malicious client using a symlink race to allow access to areas of
the server file system not exported under the share definition.
Samba uses the realpath() system call to ensure when a client requests
access to a pathname that it is under the exported share path on the
server file system.
References:
https://www.samba.org/samba/security/CVE-2017-2619.html
https://www.samba.org/samba/history/security.html
(from redmine: issue id 7054, created on 2017-03-24, closed on 2017-05-02)
- Relations:
- parent #7049 (closed)
- Changesets:
- Revision c25c75b8 on 2017-05-02T06:56:21Z:
main/samba: security fixes #7054 (CVE-2017-2619)