[3.4] samba: Symlink race allows access outside share definition (CVE-2017-2619)
ID: oval:org.secpod.oval:def:1800637 | Date: (C)2018-03-28 (M)2023-12-20 | Class: PATCH | Family: unix
All versions of Samba prior to 4.6.1, 4.5.7, 4.4.12 are vulnerable to a malicious client using a symlink race to gain access to areas of the server file system not exported under the share definition. Samba uses the realpath() system call to ensure that when a client requests access to a pathname, the pathname is under the exported share path on the server file system.
Platform: Alpine Linux 3.4