CVE-2017-2619

Published: 12/03/2018 Updated: 29/08/2022
CVSS v2 Base Score: 6 | Impact Score: 6.4 | Exploitability Score: 6.8
CVSS v3 Base Score: 7.5 | Impact Score: 5.9 | Exploitability Score: 1.6
VMScore: 605
Vector: AV:N/AC:M/Au:S/C:P/I:P/A:P

Vulnerability Summary

Samba versions prior to 4.6.1, 4.5.7 and 4.4.11 are vulnerable to a symlink race that lets a malicious client access areas of the server file system not exported under the share definition.

Vulnerable Product

samba samba

redhat enterprise linux 7.0

redhat enterprise linux 6.0

debian debian linux 8.0

Vendor Advisories

Samba could be made to expose sensitive information over the network ...
Synopsis: Moderate: samba security, bug fix, and enhancement update. Type/Severity: Security Advisory: Moderate. Topic: An update for samba is now available for Red Hat Gluster Storage 33 for RHEL 6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Sc ...
Synopsis: Low: samba security and bug fix update. Type/Severity: Security Advisory: Low. Topic: An update for samba is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which giv ...
Synopsis: Moderate: samba security and bug fix update. Type/Severity: Security Advisory: Moderate. Topic: An update for samba is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base s ...
Synopsis: Moderate: samba security update. Type/Severity: Security Advisory: Moderate. Topic: An update for samba is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which ...
Jann Horn of Google discovered a time-of-check, time-of-use race condition in Samba, a SMB/CIFS file, print, and login server for Unix. A malicious client can take advantage of this flaw by exploiting a symlink race to access areas of the server file system not exported under a share definition. For the stable distribution (jessie), this problem ha ...
A remote code execution flaw was found in Samba. A malicious authenticated samba client, having write access to the samba share, could use this flaw to execute arbitrary code as root (CVE-2017-7494). It was found that Samba always requested forwardable tickets when using Kerberos authentication. A service to which Samba authenticated using Kerberos c ...

Exploits

Source: bugs.chromium.org/p/project-zero/issues/detail?id=1039

The Samba server is supposed to only grant access to configured share directories unless "wide links" are enabled, in which case the server is allowed to follow symlinks. The default (since CVE-2010-0926) is that wide links are disabled. smbd ensures that it isn't following sy ...

Github Repositories

Vulnerable samba versions and exploits, wrapped in docker containers

vulnsamba: This repo contains proof of concept exploits for 2 CVEs on old versions of samba. For each CVE, there are two docker containers: victim and attacker. Table of contents: CVE-2010-0926: Information and links, Containers description, Instructions to reproduce. CVE-2017-2619: Information and links, Containers description, Instructions to reproduce. CVE-2010-0926 Informatio

Recent Articles

Samba slip-up smackdown: HPE stops NonStop Server bugs
The Register • Richard Chirgwin • 11 Jul 2017

If SambaCry escaped your notice in June, get busy

HPE NonStop users running Samba need to get busy applying workarounds to a pair of remotely exploitable vulnerabilities. The first, SambaCry, has been present in Samba since 2010 but was named and outed in late May 2017. Assigned CVE-2017-7494, it allowed a malicious Samba client with write access to execute code as root. F5 Networks explained that all the attacker need do is upload a shared library to a writable share, because the server will execute it with the privileges of the Samba daemo...