#VU6630 Race condition in Samba


Published: 2020-03-18

Vulnerability identifier: #VU6630

Vulnerability risk: Low

CVSSv3.1: 3.9 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C]

CVE-ID: CVE-2017-2619

CWE-ID: CWE-362

Exploitation vector: Local network

Exploit availability: Yes

Vulnerable software:
Samba
Server applications / Directory software, identity management

Vendor: Samba

Description
The vulnerability allows a remote authenticated user to access otherwise restricted files.

The vulnerability exists due to a race condition when processing symlinks, which lead to files outside the shared folder. An attacker with ability to crate a symlink on a network share can access files not exported under the share definition.

Successful exploitation of the vulnerability may allow an attacker to gain access to potentially sensitive data, but requires that server is under heavy load.

Mitigation
The vulnerability is patched in versions 4.6.1, 4.5.7 and 4.4.12.

Vulnerable software versions

Samba: 4.4.0 - 4.4.11, 4.5.0 - 4.5.6, 4.6.0

External links
http://www.samba.org/samba/security/CVE-2017-2619.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.


Latest bulletins with this vulnerability


Red Hat update for samba
Red Hat update for Samba
Red Hat update for samba
Amazon Linux AMI update for samba
Red Hat update for samba
CentOS update for samba
SUSE Linux update for samba
Ubuntu update for Samba
OpenSUSE Linux update for samba
OpenSUSE Linux update for samba