Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2017-2619Race Condition in Samba

CWE-362Race ConditionCWE-59Link Following10 documents8 sources
Severity
7.5HIGHNVD
EPSS
40.7%
top 2.62%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
4
SambaDebian SambaDebian Linux+1 more
Timeline
PublishedMar 12
Latest updateMay 13

Description

Samba before versions 4.6.1, 4.5.7 and 4.4.11 are vulnerable to a malicious client using a symlink race to allow access to areas of the server file system not exported under the share definition.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.6 | Impact: 5.9

Affected Packages4 packages

NVDsamba/samba4.5.04.5.7+2
debiandebian/samba< samba 2:4.5.6+dfsg-2 (bookworm)
Debiansamba/samba< 2:4.5.6+dfsg-2+3
CVEListV5samba/samba4.4.11, 4.5.7, 4.6.1+2

Also affects: Debian Linux 8.0, Enterprise Linux 6.0, 7.0

🔴Vulnerability Details

2
GHSA
GHSA-gpq8-xrm8-w2qr: Samba before versions 42022-05-13
OSV
CVE-2017-2619: Samba before versions 42018-03-12

💥Exploits & PoCs

1
Exploit-DB
Samba 4.5.2 - Symlink Race Permits Opening Files Outside Share Directory2017-03-27

📋Vendor Advisories

4
Ubuntu
Samba vulnerability2017-04-25
Ubuntu
Samba vulnerability2017-03-23
Red Hat
samba: symlink race permits opening files outside share directory2017-03-23
Debian
CVE-2017-2619: samba - Samba before versions 4.6.1, 4.5.7 and 4.4.11 are vulnerable to a malicious clie...2017

💬Community

2
Bugzilla
CVE-2017-2619 samba: symlink race permits opening files outside share directory [fedora-all]2017-03-23
Bugzilla
CVE-2017-2619 samba: symlink race permits opening files outside share directory2017-03-06