CVE-2017-2619

Published: 23 March 2017

Samba versions before 4.6.1, 4.5.7 and 4.4.11 are vulnerable to a symlink race that allows a malicious client to access areas of the server file system not exported under the share definition.

Priority

Medium

CVSS 3 base score: 7.5

Status

Package: samba (Launchpad, Ubuntu, Debian)

Release    Status
precise    Released (2:3.6.25-0ubuntu0.12.04.9)
trusty     Released (2:4.3.11+dfsg-0ubuntu0.14.04.6)
upstream   Released (4.6.1,4.5.7,4.4.12)
xenial     Released (2:4.3.11+dfsg-0ubuntu0.16.04.5)
yakkety    Released (2:4.4.5+dfsg-2ubuntu5.4)
zesty      Released (2:4.5.8+dfsg-0ubuntu0.17.04.1)

Package: samba4 (Launchpad, Ubuntu, Debian)

Release    Status
precise    Does not exist (precise was needed)
trusty     Does not exist
upstream   Needs triage
xenial     Does not exist
yakkety    Does not exist
zesty      Does not exist