SB2017092110 - Red Hat update for Samba
Published: September 21, 2017
Security Bulletin ID
SB2017092110
CSH Severity
Low
Patch available
YES
Number of vulnerabilities
2
Exploitation vector
Remote access
Highest impact
Denial of service
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 2 vulnerabilities.
1) Race condition (CVE-ID: CVE-2017-2619)
CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVSSv4: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/U:Clear
The vulnerability allows a remote authenticated user to access otherwise restricted files.
The vulnerability exists due to a race condition when processing symlinks, which lead to files outside the shared folder. An attacker with ability to crate a symlink on a network share can access files not exported under the share definition.
Successful exploitation of the vulnerability may allow an attacker to gain access to potentially sensitive data, but requires that server is under heavy load.
2) Infinite loop (CVE-ID: CVE-2017-9461)
CWE-ID: CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote authenticated attacker to cause DoS condition on the target system.
The weakness exists due to improper handling of symbolic links. A remote attacker with access to trusted or internal networks can transmit specially crafted data, trigger and infinite loop and cause the application to crash.
Successful exploitation of the vulnerability results in denial of service.
Remediation
Install update from vendor's website.