FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

samba -- symlink race allows access outside share definition

Affected packages
3.6.0 <= samba36 <= 3.6.25_4
4.0.0 <= samba4 <= 4.0.26
4.1.0 <= samba41 <= 4.1.23
4.2.0 <= samba42 <= 4.2.14
4.3.0 <= samba43 <= 4.3.13
4.4.0 <= samba44 < 4.4.12
4.5.0 <= samba45 < 4.5.7
4.6.0 <= samba46 < 4.6.1

Details

VuXML ID: 2826317b-10ec-11e7-944e-000c292e4fd8
Discovery: 2017-03-23
Entry: 2017-03-24

Samba team reports:

A time-of-check, time-of-use race condition can allow clients to access non-exported parts of the file system via symlinks.

References

CVE Name: CVE-2017-2619
URL: https://www.samba.org/samba/security/CVE-2017-2619.html