Samba before versions 4.6.1, 4.5.7 and 4.4.11 are vulnerable to a malicious client using a symlink race to allow access to areas of the server file system not exported under the share definition.
The product contains a concurrent code sequence that requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence operating concurrently.
The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.
| Link | Tags |
|---|---|
| https://access.redhat.com/errata/RHSA-2017:2778 | third party advisory vendor advisory |
| https://www.debian.org/security/2017/dsa-3816 | third party advisory vendor advisory |
| http://www.securityfocus.com/bid/97033 | third party advisory vdb entry |
| https://www.exploit-db.com/exploits/41740/ | third party advisory vdb entry exploit |
| http://www.securitytracker.com/id/1038117 | third party advisory vdb entry |
| https://access.redhat.com/errata/RHSA-2017:2338 | third party advisory vendor advisory |
| https://www.samba.org/samba/security/CVE-2017-2619.html | vendor advisory |
| https://bugzilla.redhat.com/show_bug.cgi?id=1429472 | third party advisory issue tracking |
| https://access.redhat.com/errata/RHSA-2017:1265 | third party advisory vendor advisory |
| https://access.redhat.com/errata/RHSA-2017:2789 | third party advisory vendor advisory |
| https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbns03755en_us | third party advisory |