CVE 2017-2619
Samba before versions 4.6.1, 4.5.7 and 4.4.11 are vulnerable to a malicious client using a symlink race to allow access to areas of the server file system not exported under the share definition.
Related bugs and status
CVE-2017-2619 (Candidate) is related to these bugs:
Bug #1675698: Cannot access anything under a subdirectory if symlinks are disallowed
Summary | In | Importance | Status | |||
---|---|---|---|---|---|---|
1675698 | Cannot access anything under a subdirectory if symlinks are disallowed | samba (Ubuntu) | Undecided | Invalid | ||
1675698 | Cannot access anything under a subdirectory if symlinks are disallowed | samba (Debian) | Unknown | Fix Released | ||
1675698 | Cannot access anything under a subdirectory if symlinks are disallowed | samba | Unknown | Unknown | ||
1675698 | Cannot access anything under a subdirectory if symlinks are disallowed | samba (Ubuntu Trusty) | High | Fix Released | ||
1675698 | Cannot access anything under a subdirectory if symlinks are disallowed | samba (Ubuntu Precise) | High | Fix Released | ||
1675698 | Cannot access anything under a subdirectory if symlinks are disallowed | samba (Ubuntu Xenial) | High | Fix Released | ||
1675698 | Cannot access anything under a subdirectory if symlinks are disallowed | samba (Ubuntu Zesty) | Undecided | Invalid | ||
1675698 | Cannot access anything under a subdirectory if symlinks are disallowed | samba (Ubuntu Yakkety) | High | Fix Released |
Bug #1701073: CVE-2017-2619 regression breaks symlinks to directories
Summary | In | Importance | Status | |||
---|---|---|---|---|---|---|
1701073 | CVE-2017-2619 regression breaks symlinks to directories | samba (Ubuntu) | High | Fix Released | ||
1701073 | CVE-2017-2619 regression breaks symlinks to directories | samba | Unknown | Unknown | ||
1701073 | CVE-2017-2619 regression breaks symlinks to directories | samba (Ubuntu Xenial) | High | Fix Released | ||
1701073 | CVE-2017-2619 regression breaks symlinks to directories | samba (Ubuntu Yakkety) | High | Fix Released | ||
1701073 | CVE-2017-2619 regression breaks symlinks to directories | samba (Ubuntu Zesty) | High | Fix Released |
Bug #1702529: ACCESS_DENIED with symlinks within a root ("/") share
Summary | In | Importance | Status | |||
---|---|---|---|---|---|---|
1702529 | ACCESS_DENIED with symlinks within a root ("/") share | samba (Ubuntu) | Medium | Fix Released | ||
1702529 | ACCESS_DENIED with symlinks within a root ("/") share | samba | Unknown | Unknown | ||
1702529 | ACCESS_DENIED with symlinks within a root ("/") share | samba (Ubuntu Trusty) | Medium | Fix Released | ||
1702529 | ACCESS_DENIED with symlinks within a root ("/") share | samba (Ubuntu Zesty) | Medium | Fix Released | ||
1702529 | ACCESS_DENIED with symlinks within a root ("/") share | samba (Ubuntu Xenial) | Medium | Fix Released |
Bug #1710281: New release 4.6.7
Summary | In | Importance | Status | |||
---|---|---|---|---|---|---|
1710281 | New release 4.6.7 | samba (Ubuntu) | Low | Fix Released |
See the
CVE page on Mitre.org
for more details.