[Samba] [Announce] Samba meta-data symlink vulnerability CVE-2021-20316

Ralph Boehme slow at samba.org
Mon Jan 10 15:31:02 UTC 2022


On 1/10/22 16:06, Sven Schwedas via samba wrote:
> Just for clarification: If client min protocol is set to SMB2 or higher, 
> *or* unix entensions are disabled, and NFS is not used, this is not 
> exploitable? 

correct. Unless you allow access by ssh.

> Or do Unix extensions always allow this race, even with 
> recent protocol versions?

SMB2 and newer don't (yet) support UNIX extensions.

-slow

-- 
Ralph Boehme, Samba Team                 https://samba.org/
SerNet Samba Team Lead      https://sernet.de/en/team-samba
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature
Type: application/pgp-signature
Size: 840 bytes
Desc: OpenPGP digital signature
URL: <http://lists.samba.org/pipermail/samba/attachments/20220110/93481a10/OpenPGP_signature.sig>


More information about the samba mailing list