{"containers": {"cna": {"affected": [{"product": "samba", "vendor": "Samba", "versions": [{"status": "affected", "version": "4.6.1"}, {"status": "affected", "version": "4.5.7"}, {"status": "affected", "version": "4.4.11"}]}], "datePublic": "2017-03-27T00:00:00", "descriptions": [{"lang": "en", "value": "Samba before versions 4.6.1, 4.5.7 and 4.4.11 are vulnerable to a malicious client using a symlink race to allow access to areas of the server file system not exported under the share definition."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-362", "description": "CWE-362", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2018-03-13T09:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "RHSA-2017:2778", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2017:2778"}, {"name": "DSA-3816", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "https://www.debian.org/security/2017/dsa-3816"}, {"name": "97033", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/97033"}, {"name": "41740", "tags": ["exploit", "x_refsource_EXPLOIT-DB"], "url": "https://www.exploit-db.com/exploits/41740/"}, {"name": "1038117", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1038117"}, {"name": "RHSA-2017:2338", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2017:2338"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://www.samba.org/samba/security/CVE-2017-2619.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1429472"}, {"name": "RHSA-2017:1265", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2017:1265"}, {"name": "RHSA-2017:2789", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2017:2789"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbns03755en_us"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secalert@redhat.com", "DATE_PUBLIC": "2017-03-27T00:00:00", "ID": "CVE-2017-2619", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "samba", "version": {"version_data": [{"version_value": "4.6.1"}, {"version_value": "4.5.7"}, {"version_value": "4.4.11"}]}}]}, "vendor_name": "Samba"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Samba before versions 4.6.1, 4.5.7 and 4.4.11 are vulnerable to a malicious client using a symlink race to allow access to areas of the server file system not exported under the share definition."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-362"}]}]}, "references": {"reference_data": [{"name": "RHSA-2017:2778", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:2778"}, {"name": "DSA-3816", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2017/dsa-3816"}, {"name": "97033", "refsource": "BID", "url": "http://www.securityfocus.com/bid/97033"}, {"name": "41740", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/41740/"}, {"name": "1038117", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1038117"}, {"name": "RHSA-2017:2338", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:2338"}, {"name": "https://www.samba.org/samba/security/CVE-2017-2619.html", "refsource": "CONFIRM", "url": "https://www.samba.org/samba/security/CVE-2017-2619.html"}, {"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1429472", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1429472"}, {"name": "RHSA-2017:1265", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:1265"}, {"name": "RHSA-2017:2789", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:2789"}, {"name": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbns03755en_us", "refsource": "CONFIRM", "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbns03755en_us"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T14:02:07.264Z"}, "title": "CVE Program Container", "references": [{"name": "RHSA-2017:2778", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2017:2778"}, {"name": "DSA-3816", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "https://www.debian.org/security/2017/dsa-3816"}, {"name": "97033", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/97033"}, {"name": "41740", "tags": ["exploit", "x_refsource_EXPLOIT-DB", "x_transferred"], "url": "https://www.exploit-db.com/exploits/41740/"}, {"name": "1038117", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id/1038117"}, {"name": "RHSA-2017:2338", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2017:2338"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://www.samba.org/samba/security/CVE-2017-2619.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1429472"}, {"name": "RHSA-2017:1265", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2017:1265"}, {"name": "RHSA-2017:2789", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2017:2789"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbns03755en_us"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2017-2619", "datePublished": "2018-03-12T15:00:00Z", "dateReserved": "2016-12-01T00:00:00", "dateUpdated": "2024-09-17T00:45:45.569Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*", "matchCriteriaId": "D4B7275C-E576-47DB-815F-59B41A60E00F", "versionEndExcluding": "4.4.12", "vulnerable": true}, {"criteria": "cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*", "matchCriteriaId": "B4B76B98-699A-42A0-B3C4-27363FCAD55A", "versionEndExcluding": "4.5.7", "versionStartIncluding": "4.5.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*", "matchCriteriaId": "6D983DA0-9B5D-4D47-87A7-A2CA67417F45", "versionEndExcluding": "4.6.1", "versionStartIncluding": "4.6.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "142AD0DD-4CF3-4D74-9442-459CE3347E3A", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Samba before versions 4.6.1, 4.5.7 and 4.4.11 are vulnerable to a malicious client using a symlink race to allow access to areas of the server file system not exported under the share definition."}, {"lang": "es", "value": "Samba, en versiones anteriores a 4.6.1, 4.5.7 y 4.4.11, es vulnerable a un cliente malicioso que emplee una carrera symlink para permitir el acceso a \u00e1reas del sistema de archivos del servidor que no se exportan bajo la definici\u00f3n compartida."}], "id": "CVE-2017-2619", "lastModified": "2022-08-29T20:20:29.883", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 6.8, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.6, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-03-12T15:29:00.443", "references": [{"source": "secalert@redhat.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/97033"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id/1038117"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2017:1265"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2017:2338"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2017:2778"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2017:2789"}, {"source": "secalert@redhat.com", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1429472"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbns03755en_us"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://www.debian.org/security/2017/dsa-3816"}, {"source": "secalert@redhat.com", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "url": "https://www.exploit-db.com/exploits/41740/"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "https://www.samba.org/samba/security/CVE-2017-2619.html"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-362"}, {"lang": "en", "value": "CWE-59"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-362"}], "source": "secalert@redhat.com", "type": "Secondary"}]}

{"acknowledgement": "Red Hat would like to thank the Samba project for reporting this issue. Upstream acknowledges Jann Horn (Google) as the original reporter.", "affected_release": [{"advisory": "RHSA-2017:2789", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "samba-0:3.6.23-45.el6_9", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2017-09-21T00:00:00Z"}, {"advisory": "RHSA-2017:1265", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "samba-0:4.4.4-13.el7_3", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2017-05-22T00:00:00Z"}, {"advisory": "RHSA-2017:2338", "cpe": "cpe:/a:redhat:storage:3.2:samba:el7", "package": "samba-0:4.6.3-4.el7rhgs", "product_name": "Red Hat Gluster Storage 3.2 for RHEL 7", "release_date": "2017-08-01T00:00:00Z"}, {"advisory": "RHSA-2017:2778", "cpe": "cpe:/a:redhat:storage:3.3:samba:el6", "package": "libldb-0:1.1.29-1.el6rhs", "product_name": "Red Hat Gluster Storage 3.3 for RHEL 6", "release_date": "2017-09-21T00:00:00Z"}, {"advisory": "RHSA-2017:2778", "cpe": "cpe:/a:redhat:storage:3.3:samba:el6", "package": "libtalloc-0:2.1.9-1.el6rhs", "product_name": "Red Hat Gluster Storage 3.3 for RHEL 6", "release_date": "2017-09-21T00:00:00Z"}, {"advisory": "RHSA-2017:2778", "cpe": "cpe:/a:redhat:storage:3.3:samba:el6", "package": "libtdb-0:1.3.12-1.1.el6rhs", "product_name": "Red Hat Gluster Storage 3.3 for RHEL 6", "release_date": "2017-09-21T00:00:00Z"}, {"advisory": "RHSA-2017:2778", "cpe": "cpe:/a:redhat:storage:3.3:samba:el6", "package": "libtevent-0:0.9.31-1.el6rhs", "product_name": "Red Hat Gluster Storage 3.3 for RHEL 6", "release_date": "2017-09-21T00:00:00Z"}, {"advisory": "RHSA-2017:2778", "cpe": "cpe:/a:redhat:storage:3.3:samba:el6", "package": "samba-0:4.6.3-5.el6rhs", "product_name": "Red Hat Gluster Storage 3.3 for RHEL 6", "release_date": "2017-09-21T00:00:00Z"}], "bugzilla": {"description": "samba: symlink race permits opening files outside share directory", "id": "1429472", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1429472"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.9", "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:L", "status": "verified"}, "cwe": "CWE-362", "details": ["Samba before versions 4.6.1, 4.5.7 and 4.4.11 are vulnerable to a malicious client using a symlink race to allow access to areas of the server file system not exported under the share definition.", "A race condition was found in samba server. A malicious samba client could use this flaw to access files and directories in areas of the server file system not exported under the share definitions."], "mitigation": {"lang": "en:us", "value": "Add the parameter:\nunix extensions = no\nto the [global] section of your smb.conf and restart smbd. This prevents SMB1 clients from creating symlinks on the exported file system using SMB1.\nHowever, if the same region of the file system is also exported using NFS, NFS clients can create symlinks that potentially can also hit the race condition. For non-patched versions of Samba we recommend only exporting areas of the file system by either SMB or NFS, not both."}, "name": "CVE-2017-2619", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Will not fix", "package_name": "samba", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Will not fix", "package_name": "samba3x", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Affected", "package_name": "samba4", "product_name": "Red Hat Enterprise Linux 6"}], "public_date": "2017-03-23T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2017-2619\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-2619\nhttps://www.samba.org/samba/security/CVE-2017-2619.html"], "threat_severity": "Moderate", "upstream_fix": "samba 4.6.1, samba 4.5.7, samba 4.4.11"}