FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

samba -- symlink race allows access outside share definition

Affected packages
3.6.0	<=	samba36	<=	3.6.25_4
4.0.0	<=	samba4	<=	4.0.26
4.1.0	<=	samba41	<=	4.1.23
4.2.0	<=	samba42	<=	4.2.14
4.3.0	<=	samba43	<=	4.3.13
4.4.0	<=	samba44	<	4.4.12
4.5.0	<=	samba45	<	4.5.7
4.6.0	<=	samba46	<	4.6.1

Details

VuXML ID	2826317b-10ec-11e7-944e-000c292e4fd8
Discovery	2017-03-23
Entry	2017-03-24

Samba team reports:

A time-of-check, time-of-use race condition can allow clients to access non-exported parts of the file system via symlinks.

[source]

References

CVE Name	CVE-2017-2619
URL	https://www.samba.org/samba/security/CVE-2017-2619.html

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.