1 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
2 "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
3 <html xmlns="http://www.w3.org/1999/xhtml">
5 <title>Samba 4.5.7 - Release Notes</title>
8 <H2>Samba 4.5.7 Available for Download</H2>
10 <a href="https://download.samba.org/pub/samba/stable/samba-4.5.7.tar.gz">Samba 4.5.7 (gzipped)</a><br>
11 <a href="https://download.samba.org/pub/samba/stable/samba-4.5.7.tar.asc">Signature</a>
14 <a href="https://download.samba.org/pub/samba/patches/samba-4.5.6-4.5.7.diffs.gz">Patch (gzipped) against Samba 4.5.6</a><br>
15 <a href="https://download.samba.org/pub/samba/patches/samba-4.5.6-4.5.7.diffs.asc">Signature</a>
19 =============================
20 Release Notes for Samba 4.5.7
22 =============================
25 This is a security release in order to address the following defect:
27 o CVE-2017-2619 (Symlink race allows access outside share definition)
34 All versions of Samba prior to 4.6.1, 4.5.7, 4.4.11 are vulnerable to
35 a malicious client using a symlink race to allow access to areas of
36 the server file system not exported under the share definition.
38 Samba uses the realpath() system call to ensure when a client requests
39 access to a pathname that it is under the exported share path on the
42 Clients that have write access to the exported part of the file system
43 via SMB1 unix extensions or NFS to create symlinks can race the server
44 by renaming a realpath() checked path and then creating a symlink. If
45 the client wins the race it can cause the server to access the new
46 symlink target after the exported share path check has been done. This
47 new symlink target can point to anywhere on the server file system.
49 This is a difficult race to win, but theoretically possible. Note that
50 the proof of concept code supplied wins the race reliably only when
51 the server is slowed down using the strace utility running on the
52 server. Exploitation of this bug has not been seen in the wild.
58 o Jeremy Allison <jra@samba.org>
59 * BUG 12496: CVE-2017-2619: Symlink race permits opening files outside share
62 o Ralph Boehme <slow@samba.org>
63 * BUG 12496: CVE-2017-2619: Symlink race permits opening files outside share