Samba before versions 4.6.1, 4.5.7 and 4.4.11 are vulnerable to a malicious client using a symlink race to allow access to areas of the ser…
Samba before versions 4.6.1, 4.5.7 and 4.4.11 are vulnerable to a malicious client using a symlink race to allow access to areas of the server file system not exported under the share definition.
The product contains a concurrent code sequence that requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence operating concurrently.
https://cwe.mitre.org/data/definitions/362.html →Open in CWE collection →The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.
https://cwe.mitre.org/data/definitions/59.html →Open in CWE collection →An attack of this type exploits a system's configuration that allows an adversary to either directly access an executable file, for example through shell access; or in a possible worst case allows an adversary to upload a file and then execute it. Web servers, ftp servers, and message oriented middleware systems which have many integration points are particularly vulnerable, because both the programmers and the administrators must be in synch regarding the interfaces and the correct privileges for each interface.
https://capec.mitre.org/data/definitions/17.html →Open in CAPEC collection →The adversary targets a race condition occurring when multiple processes access and manipulate the same resource concurrently, and the outcome of the execution depends on the particular order in which the access takes place. The adversary can leverage a race condition by "running the race", modifying the resource and modifying the normal execution flow. For instance, a race condition can occur while accessing a file: the adversary can trick the system by replacing the original file with their version and cause the system to read the malicious file.
https://capec.mitre.org/data/definitions/26.html →Open in CAPEC collection →This attack targets a race condition occurring between the time of check (state) for a resource and the time of use of a resource. A typical example is file access. The adversary can leverage a file access race condition by "running the race", meaning that they would modify the resource between the first time the target program accesses the file and the time the target program uses the file. During that period of time, the adversary could replace or modify the file, causing the application to behave unexpectedly.
https://capec.mitre.org/data/definitions/29.html →Open in CAPEC collection →An attack of this type exploits a system's trust in configuration and resource files. When the executable loads the resource (such as an image file or configuration file) the attacker has modified the file to either execute malicious code directly or manipulate the target process (e.g. application server) to execute based on the malicious configuration parameters. Since systems are increasingly interrelated mashing up resources from local and remote sources the possibility of this attack occurring is high.
https://capec.mitre.org/data/definitions/35.html →Open in CAPEC collection →An attacker manipulates inputs to the target software which the target software passes to file system calls in the OS. The goal is to gain access to, and perhaps modify, areas of the file system that the target software did not intend to be accessible.
https://capec.mitre.org/data/definitions/76.html →Open in CAPEC collection →An adversary positions a symbolic link in such a manner that the targeted user or application accesses the link's endpoint, assuming that it is accessing a file with the link's name.
https://capec.mitre.org/data/definitions/132.html →Open in CAPEC collection →| Product | Vendor | Status |
|---|---|---|
| ctdb | Tracked | |
| ctdb-tests | Tracked | |
| libldb | Tracked | |
| libnetapi | Tracked | |
| libsmbclient | Tracked | |
| libsmbclient-devel | Tracked | |
| libtalloc | Tracked | |
| libtdb | Tracked | |
| libtevent | Tracked | |
| libwbclient | Tracked | |
| libwbclient-devel | Tracked | |
| python-module-samba | Tracked | |
| samba | Tracked | |
| samba | Tracked | |
| samba | Tracked | |
| samba | Tracked | |
| samba | Tracked | |
| samba | Tracked | |
| samba | Tracked | |
| samba | Tracked |