Описание
vfs.c in smbd in Samba 3.x and 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3, when share names with certain substring relationships exist, allows remote attackers to bypass intended file-access restrictions via a symlink that points outside of a share.
| Релиз | Статус | Примечание |
|---|---|---|
| devel | released | 2:4.3.3+dfsg-1ubuntu1 |
| esm-infra-legacy/trusty | not-affected | 2:4.1.6+dfsg-1ubuntu2.14.04.11 |
| esm-infra/xenial | not-affected | 2:4.3.3+dfsg-1ubuntu1 |
| precise | released | 2:3.6.3-2ubuntu2.13 |
| precise/esm | not-affected | 2:3.6.3-2ubuntu2.13 |
| trusty | released | 2:4.1.6+dfsg-1ubuntu2.14.04.11 |
| trusty/esm | not-affected | 2:4.1.6+dfsg-1ubuntu2.14.04.11 |
| upstream | released | 4.3.3,4.2.7,4.1.22 |
| vivid | released | 2:4.1.13+dfsg-4ubuntu3.1 |
| vivid/stable-phone-overlay | DNE |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| devel | DNE | |
| esm-infra-legacy/trusty | DNE | |
| precise | ignored | end of life |
| precise/esm | DNE | precise was needed |
| trusty | DNE | |
| trusty/esm | DNE | |
| upstream | released | 4.3.3,4.2.7,4.1.22 |
| vivid | DNE | |
| vivid/stable-phone-overlay | DNE | |
| vivid/ubuntu-core | DNE |
Показывать по
EPSS
5 Medium
CVSS2
7.2 High
CVSS3
Связанные уязвимости
vfs.c in smbd in Samba 3.x and 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3, when share names with certain substring relationships exist, allows remote attackers to bypass intended file-access restrictions via a symlink that points outside of a share.
vfs.c in smbd in Samba 3.x and 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3, when share names with certain substring relationships exist, allows remote attackers to bypass intended file-access restrictions via a symlink that points outside of a share.
vfs.c in smbd in Samba 3.x and 4.x before 4.1.22, 4.2.x before 4.2.7, ...
vfs.c in smbd in Samba 3.x and 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3, when share names with certain substring relationships exist, allows remote attackers to bypass intended file-access restrictions via a symlink that points outside of a share.
Уязвимость библиотеки smbd пакета программ сетевого взаимодействия Samba, связанная с недостатком механизма контроля привилегий и средств управления доступом, позволяющая нарушителю оказать воздействие на целостность данных
EPSS
5 Medium
CVSS2
7.2 High
CVSS3