CVE-2017-2619

Published: 23 March 2017

Samba before versions 4.6.1, 4.5.7 and 4.4.11 are vulnerable to a malicious client using a symlink race to allow access to areas of the server file system not exported under the share definition.

Priority

Medium

CVSS 3 base score: 7.5

Status

Package Release Status
samba
Launchpad, Ubuntu, Debian
Upstream
Released (4.6.1,4.5.7,4.4.12)
Ubuntu 16.04 ESM (Xenial Xerus)
Released (2:4.3.11+dfsg-0ubuntu0.16.04.5)
Ubuntu 14.04 ESM (Trusty Tahr)
Released (2:4.3.11+dfsg-0ubuntu0.14.04.6)
samba4
Launchpad, Ubuntu, Debian
Upstream Needs triage

Ubuntu 16.04 ESM (Xenial Xerus) Does not exist

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist