[3.5] samba: Symlink race allows access outside share definition (CVE-2017-2619)
ID: oval:org.secpod.oval:def:1800766 | Date: (C)2018-03-28 (M)2022-09-02
Class: PATCH | Family: unix
All versions of Samba prior to 4.6.1, 4.5.7, 4.4.12 are vulnerable to a malicious client using a symlink race to access areas of the server file system not exported under the share definition. When a client requests access to a pathname, Samba uses the realpath system call to ensure that it is under the exported share path on the server file system.
Platform: Alpine Linux 3.5