An issue has been found in Samba before 4.10.10 where a malicious server can craft a pathname containing separators and return this to client code, causing the client to use this access local pathnames for reading or writing instead of SMB network pathnames.
An issue has been found in Samba before 4.10.10 where a malicious server can craft a pathname containing separators and return this to client code, causing the client to use this access local pathnames for reading or writing instead of SMB network pathnames.
https://www.samba.org/samba/security/CVE-2019-10218.html https://www.samba.org/samba/ftp/patches/security/samba-4.10.9-security-2019-10-29.patch