[Samba] [Announce] Samba meta-data symlink vulnerability CVE-2021-20316
jra at samba.org
Mon Jan 10 16:51:00 UTC 2022
On Mon, Jan 10, 2022 at 04:31:02PM +0100, Ralph Boehme via samba wrote:
>On 1/10/22 16:06, Sven Schwedas via samba wrote:
>>Just for clarification: If client min protocol is set to SMB2 or
>>higher, *or* unix entensions are disabled, and NFS is not used, this
>>is not exploitable?
>correct. Unless you allow access by ssh.
If you allow access via ssh, you have local access to
all readable files anyway :-).
More information about the samba