[Samba] [Announce] Samba meta-data symlink vulnerability CVE-2021-20316

Jeremy Allison jra at samba.org
Mon Jan 10 17:54:47 UTC 2022


On Mon, Jan 10, 2022 at 06:43:02PM +0100, Ralph Boehme via samba wrote:
>On 1/10/22 17:51, Jeremy Allison wrote:
>>On Mon, Jan 10, 2022 at 04:31:02PM +0100, Ralph Boehme via samba wrote:
>>>On 1/10/22 16:06, Sven Schwedas via samba wrote:
>>>>Just for clarification: If client min protocol is set to SMB2 or 
>>>>higher, *or* unix extensions are disabled, and NFS is not used, 
>>>>this is not exploitable?
>>>
>>>correct. Unless you allow access by ssh.
>>
>>If you allow access via ssh, you have local access to
>>all readable files anyway :-).
>
>well, yes, but remember there are some codepaths where we do things as 
>root, so I wouldn't bet on it.

OK, yeah - it's a fair cop 'guv :-).


