[Buildroot] [PATCH] samba4: security bump to version 4.5.7
Thomas Petazzoni
thomas.petazzoni at free-electrons.com
Tue Mar 28 19:43:49 UTC 2017
Hello,
On Tue, 28 Mar 2017 17:18:08 +0200, Peter Korsgaard wrote:
> Fixes CVE-2017-2619:
>
> All versions of Samba prior to 4.6.1, 4.5.7, 4.4.11 are vulnerable to
> a malicious client using a symlink race to allow access to areas of
> the server file system not exported under the share definition.
>
> Samba uses the realpath() system call to ensure when a client requests
> access to a pathname that it is under the exported share path on the
> server file system.
>
> Clients that have write access to the exported part of the file system
> via SMB1 unix extensions or NFS to create symlinks can race the server
> by renaming a realpath() checked path and then creating a symlink. If
> the client wins the race it can cause the server to access the new
> symlink target after the exported share path check has been done. This
> new symlink target can point to anywhere on the server file system.
>
> This is a difficult race to win, but theoretically possible. Note that
> the proof of concept code supplied wins the race reliably only when
> the server is slowed down using the strace utility running on the
> server. Exploitation of this bug has not been seen in the wild.
>
> Signed-off-by: Peter Korsgaard <peter at korsgaard.com>
> ---
> package/samba4/samba4.hash | 2 +-
> package/samba4/samba4.mk | 2 +-
> 2 files changed, 2 insertions(+), 2 deletions(-)
Applied to master, thanks. Obviously for the LTS branch! :)
Thomas
--
Thomas Petazzoni, CTO, Free Electrons
Embedded Linux, Kernel and Android engineering
http://free-electrons.com
More information about the buildroot
mailing list