[Samba] [Announce] Samba meta-data symlink vulnerability CVE-2021-20316

Sven Schwedas sven.schwedas at tao.at
Mon Jan 10 15:06:33 UTC 2022


On 10.01.22 15:52, Jule Anger via samba wrote:
> =======
> Details
> =======
> 
> All versions of Samba prior to 4.15.0 are vulnerable to a malicious
> client using an SMB1 or NFS symlink race to allow filesystem metadata
> to be accessed in an area of the server file system not exported under
> the share definition. Note that SMB1 has to be enabled, or the share
> also available via NFS in order for this attack to succeed.

Just for clarification: If client min protocol is set to SMB2 or higher,
*or* unix extensions are disabled, and NFS is not used, this is not
exploitable? Or do Unix extensions always allow this race, even with
recent protocol versions?