ID:1204 - Exploit for Race condition in Samba - CVE-2017-2619
Published: March 18, 2020
Vulnerability identifier: #VU6630
Vulnerability risk: Low
CVE-ID: CVE-2017-2619
CWE-ID: CWE-362
Exploitation vector: Adjecent network
Vulnerable software:
Samba
Samba
Link to public exploit:
Vulnerability description
The vulnerability allows a remote authenticated user to access otherwise restricted files.
The vulnerability exists due to a race condition when processing symlinks, which lead to files outside the shared folder. An attacker with ability to crate a symlink on a network share can access files not exported under the share definition.
Successful exploitation of the vulnerability may allow an attacker to gain access to potentially sensitive data, but requires that server is under heavy load.
The vulnerability exists due to a race condition when processing symlinks, which lead to files outside the shared folder. An attacker with ability to crate a symlink on a network share can access files not exported under the share definition.
Successful exploitation of the vulnerability may allow an attacker to gain access to potentially sensitive data, but requires that server is under heavy load.
Remediation
The vulnerability is patched in versions 4.6.1, 4.5.7 and 4.4.12.