Synopsis: The remote host is running a version of the Samba server that is affected by a local file disclosure attack vector.
Description: Versions of Samba 4.4.x prior to 4.4.12, 4.5.x prior to 4.5.7, and 4.6.x prior to 4.6.1 are unpatched, and therefore affected by a race condition that is triggered after the 'realpath()' system call has checked a path. This may allow a local attacker to rename a recently checked path and use a symlink to read from unauthorized parts of the file system.
Solution: Upgrade Samba to version 4.6.1 or later. If version 4.6.x cannot be obtained, versions 4.5.7 and 4.4.12 are also patched for these issues.
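The race in the description is a check-then-use gap: a path is validated with realpath() and then looked up again by name. The following is an added example, not Samba's code or its patch; the function names `open_check_then_use` and `open_beneath` are hypothetical, and it shows the racy pattern beside one generic hardening that opens each path component relative to a directory descriptor with O_NOFOLLOW.

```c
#define _XOPEN_SOURCE 700
#include <errno.h>
#include <fcntl.h>
#include <limits.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Racy pattern: validate the name with realpath(), then open by name again.
 * The name can be renamed and replaced by a symlink between the two calls. */
int open_check_then_use(const char *root, const char *path)
{
    char real[PATH_MAX];
    size_t n = strlen(root);   /* assumption: root is already canonical */
    if (!realpath(path, real)) return -1;
    if (strncmp(real, root, n) != 0 || (real[n] != '/' && real[n] != '\0')) {
        errno = EACCES;
        return -1;
    }
    return open(path, O_RDONLY);   /* second lookup: nothing ties it to the check */
}

/* Hardened pattern: descend from a directory fd one component at a time with
 * O_NOFOLLOW, so a symlink swapped in at any step is refused, never followed. */
int open_beneath(const char *root, const char *rel)
{
    char buf[PATH_MAX], *save = NULL, *comp, *next;
    int fd, nfd, err;
    if (strlen(rel) >= sizeof buf) { errno = ENAMETOOLONG; return -1; }
    strcpy(buf, rel);
    if ((fd = open(root, O_RDONLY | O_DIRECTORY | O_CLOEXEC)) < 0) return -1;
    for (comp = strtok_r(buf, "/", &save); comp; comp = next) {
        next = strtok_r(NULL, "/", &save);
        if (!strcmp(comp, ".") || !strcmp(comp, "..")) { close(fd); errno = EACCES; return -1; }
        nfd = openat(fd, comp, O_RDONLY | O_NOFOLLOW | O_CLOEXEC | (next ? O_DIRECTORY : 0));
        err = errno;
        close(fd);
        if (nfd < 0) { errno = err; return -1; }
        fd = nfd;
    }
    return fd;
}

/* usage: prog <share-root> <relative-path>; exit status 0 if the open is allowed */
int main(int argc, char **argv)
{
    return (argc == 3 && open_beneath(argv[1], argv[2]) >= 0) ? 0 : 1;
}
```

This walk refuses every symlink, including ones that point inside the root, so it trades compatibility for the guarantee that the object opened is the one that was reached.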