[Samba] [Announce] Samba meta-data symlink vulnerability CVE-2021-20316

Ralph Boehme slow at samba.org
Mon Jan 10 17:43:02 UTC 2022


On 1/10/22 17:51, Jeremy Allison wrote:
> On Mon, Jan 10, 2022 at 04:31:02PM +0100, Ralph Boehme via samba wrote:
>> On 1/10/22 16:06, Sven Schwedas via samba wrote:
>>> Just for clarification: If client min protocol is set to SMB2 or 
>>> higher, *or* unix extensions are disabled, and NFS is not used, this 
>>> is not exploitable?
>>
>> correct. Unless you allow access by ssh.
> 
> If you allow access via ssh, you have local access to
> all readable files anyway :-).

well, yes, but remember there are some codepaths where we do things as 
root, so I wouldn't bet on it.

-slow

-- 
Ralph Boehme, Samba Team                 https://samba.org/
SerNet Samba Team Lead      https://sernet.de/en/team-samba