Sven Schwedas
2022-Jan-10 15:06 UTC
[Samba] [Announce] Samba meta-data symlink vulnerability CVE-2021-20316
On 10.01.22 15:52, Jule Anger via samba wrote:> ======> Details > ======> > All versions of Samba prior to 4.15.0 are vulnerable to a malicious > client using an SMB1 or NFS symlink race to allow filesystem metadata > to be accessed in an area of the server file system not exported under > the share definition. Note that SMB1 has to be enabled, or the share > also available via NFS in order for this attack to succeed.Just for clarification: If client min protocol is set to SMB2 or higher, *or* unix entensions are disabled, and NFS is not used, this is not exploitable? Or do Unix extensions always allow this race, even with recent protocol versions? -------------- next part -------------- A non-text attachment was scrubbed... Name: OpenPGP_signature Type: application/pgp-signature Size: 665 bytes Desc: OpenPGP digital signature URL: <http://lists.samba.org/pipermail/samba/attachments/20220110/bc3eb769/OpenPGP_signature.sig>
Ralph Boehme
2022-Jan-10 15:31 UTC
[Samba] [Announce] Samba meta-data symlink vulnerability CVE-2021-20316
On 1/10/22 16:06, Sven Schwedas via samba wrote:> Just for clarification: If client min protocol is set to SMB2 or higher, > *or* unix entensions are disabled, and NFS is not used, this is not > exploitable?correct. Unless you allow access by ssh.> Or do Unix extensions always allow this race, even with > recent protocol versions?SMB2 and newer don't (yet) support UNIX extensions. -slow -- Ralph Boehme, Samba Team https://samba.org/ SerNet Samba Team Lead https://sernet.de/en/team-samba -------------- next part -------------- A non-text attachment was scrubbed... Name: OpenPGP_signature Type: application/pgp-signature Size: 840 bytes Desc: OpenPGP digital signature URL: <http://lists.samba.org/pipermail/samba/attachments/20220110/93481a10/OpenPGP_signature.sig>