Samba 4.4.x < 4.4.12 / 4.5.x < 4.5.7 / 4.6.x < 4.6.1 Path Renaming Symlink Local File Disclosure

This script is Copyright (C) 2017 Tenable Network Security, Inc.


Synopsis :

The remote Samba server is affected by an information disclosure
vulnerability.

Description :

The version of Samba running on the remote host is 4.4.x prior to
4.4.12, 4.5.x prior to 4.5.7, or 4.6.x prior to 4.6.1. It is,
therefore, affected by an information disclosure vulnerability due to
a race condition between calls to lstat() for symlink checks and calls
to open() to read a file. A local attacker can exploit this, by
replacing a recently checked path with a symlink, to disclose
arbitrary files on the system.

Note that Nessus has not tested for this issue but has instead relied
only on the application's self-reported version number.

See also :

https://www.samba.org/samba/security/CVE-2017-2619.html
https://www.samba.org/samba/history/samba-4.4.12.html
https://www.samba.org/samba/history/samba-4.5.7.html
https://www.samba.org/samba/history/samba-4.6.1.html

Solution :

Upgrade to Samba version 4.4.12 / 4.5.7 / 4.6.1 or later.
Alternatively, apply the patch or workaround referenced in the vendor
advisory.

Risk factor :

Low / CVSS Base Score : 1.2
(CVSS2#AV:L/AC:H/Au:N/C:P/I:N/A:N)
CVSS Temporal Score : 1.0
(CVSS2#E:F/RL:OF/RC:ND)
Public Exploit Available : true

Family: Misc.

Nessus Plugin ID: 99199 ()

Bugtraq ID: 97033

CVE ID: CVE-2017-2619

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now