CVE-2017-2619

General

Score: 6.0/10.0
Severity: Medium
Category: Interaction Error
Exploit: Available

Impact Metrics

Confidentiality: Partial
Integrity: Partial
Availability: Partial

Exploitability Metrics

Access Vector: Network
Access Complexity: Medium
Authentication: Multiple

Related vulnerabilities

CVE-2007-2444, CVE-2007-2446, CVE-2007-2447, CVE-2008-1105, CVE-2008-3789, CVE-2008-4314, CVE-2009-2813, CVE-2009-2906, CVE-2009-2948, CVE-2009-3297, CVE-2010-0728, CVE-2010-3069, CVE-2011-0719, CVE-2011-2522, CVE-2011-2694, CVE-2012-0817, CVE-2012-1182, CVE-2012-2111, CVE-2012-6150, CVE-2013-0172, CVE-2013-0213, CVE-2013-0214, CVE-2013-4124, CVE-2013-4408, CVE-2013-4475, CVE-2013-4496, CVE-2013-6442, CVE-2014-0178, CVE-2014-0244, CVE-2014-3493, CVE-2014-3560, CVE-2015-0240, CVE-2015-3223, CVE-2015-5252, CVE-2015-5296, CVE-2015-5299, CVE-2015-5330, CVE-2015-5370, CVE-2015-7560, CVE-2016-2110, CVE-2016-2111, CVE-2016-2112, CVE-2016-2113, CVE-2016-2114, CVE-2016-2115, CVE-2016-2118, CVE-2016-2119, CVE-2016-2125, CVE-2016-2126, CVE-2017-12150, CVE-2017-12151, CVE-2017-12163, CVE-2017-14746, CVE-2017-15275, CVE-2017-7494, CVE-2017-9461, CVE-2018-1050, CVE-2018-10858, CVE-2018-1139

Published on 12/03/18 - Updated on 10/10/19

Description

Samba versions before 4.6.1, 4.5.7 and 4.4.11 are vulnerable to a symlink race that lets a malicious client access areas of the server file system not exported under the share definition.

Category: Interaction Error

CWE-362 (Race Conditions)
The program contains a code sequence that can run concurrently with other code, and the code sequence requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence that is operating concurrently.

Security Notices

US National Vulnerability Database CVE-2017-2619
Amazon Linux ALAS-2017-834
Agence Nationale de la Sécurité des Systèmes d'Information CERTFR-2017-AVI-091, CERTFR-2019-AVI-014
CentOS CESA-2017:1265, CESA-2017:2789, CESA-2018:1860
Debian DSA-3816-1
Debian LTS DLA-894-1
Oracle Linux ELSA-2017-1265, ELSA-2017-1950, ELSA-2017-2789, ELSA-2018-1860, ELSA-2018-3056
Redhat RHSA-2017:1265, RHSA-2017:2338, RHSA-2017:2778, RHSA-2017:2789, RHSA-2018:1860
Renater 2017/VULN082, 2017/VULN160
SUSE SUSE-SU-2017:0841, SUSE-SU-2017:0858, SUSE-SU-2017:0859, SUSE-SU-2017:0862, SUSE-SU-2017:1216
Ubuntu USN-3242-1, USN-3267-1

Exploits

Exploit-DB EDB-41740

Related technologies

Vendor: debian, Product: debian_linux
Vendor: redhat, Product: enterprise_linux
Vendor: samba, Product: samba
