#VU6630 Race condition in Samba - CVE-2017-2619
Published: May 23, 2017 / Updated: May 23, 2017
Vulnerability identifier: #VU6630
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/U:Clear
CVE-ID: CVE-2017-2619
CWE-ID: CWE-362
Exploitation vector: Adjecent network
Exploit availability:
Public exploit is available
Vulnerable software:
Samba
Samba
Software vendor:
Samba
Samba
Description
The vulnerability allows a remote authenticated user to access otherwise restricted files.
The vulnerability exists due to a race condition when processing symlinks, which lead to files outside the shared folder. An attacker with ability to crate a symlink on a network share can access files not exported under the share definition.
Successful exploitation of the vulnerability may allow an attacker to gain access to potentially sensitive data, but requires that server is under heavy load.
The vulnerability exists due to a race condition when processing symlinks, which lead to files outside the shared folder. An attacker with ability to crate a symlink on a network share can access files not exported under the share definition.
Successful exploitation of the vulnerability may allow an attacker to gain access to potentially sensitive data, but requires that server is under heavy load.
Remediation
The vulnerability is patched in versions 4.6.1, 4.5.7 and 4.4.12.