[Bug 1545750] Re: Access denied if the share path is "/"

Dariusz Gadomski 1545750 at bugs.launchpad.net
Mon Feb 15 15:34:27 UTC 2016 

Debdiff for Xenial.

** Description changed:

- The fix for bug #11395 / CVE-2015-5252 
+ [Impact]
+ 
+  * User is denied access when trying to access a share "/"
+ 
+ [Test Case]
+ 
+  * Setup a Samba server
+ 
+  * Add a share with path "/"
+ 
+  * Try to access the share
+ 
+ [Regression Potential]
+ 
+  * This has been introduced upstream by security patch CVE-2015-5252.
+ 
+  * It has been already fixed upstream.
+ 
+  * This is just a backport of the fix.
+ 
+ [Other Info]
+  
+  * Original bug description:
+ 
+ The fix for bug #11395 / CVE-2015-5252
  https://git.samba.org/?p=samba.git;a=commitdiff;h=7606c0db257b3f9d84da5b2bf5fbb4034cc8d77d
  locked down the path checks in check_reduced_name[_with_privilege]() to prevent unintended access via wide links.
  
  The new checks do not correctly treat a corner case though: the case of
  the share path being "/". (Important e.g. for using the glusterfs VFS
  module.)
  
  In this case all operations after tree connect get ACCESS_DENIED.

** Patch added: "xenial_samba_4.3.3+dfsg-1ubuntu2.debdiff"
   https://bugs.launchpad.net/samba/+bug/1545750/+attachment/4572180/+files/xenial_samba_4.3.3+dfsg-1ubuntu2.debdiff

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to samba in Ubuntu.
https://bugs.launchpad.net/bugs/1545750

Title:
  Access denied if the share path is "/"

Status in samba:
  Unknown
Status in samba package in Ubuntu:
  Confirmed
Status in samba source package in Precise:
  Confirmed
Status in samba source package in Trusty:
  Confirmed
Status in samba source package in Wily:
  Confirmed
Status in samba package in Debian:
  Unknown

Bug description:
  [Impact]

   * User is denied access when trying to access a share "/"

  [Test Case]

   * Setup a Samba server

   * Add a share with path "/"

   * Try to access the share

  [Regression Potential]

   * This has been introduced upstream by security patch CVE-2015-5252.

   * It has been already fixed upstream.

   * This is just a backport of the fix.

  [Other Info]
   
   * Original bug description:

  The fix for bug #11395 / CVE-2015-5252
  https://git.samba.org/?p=samba.git;a=commitdiff;h=7606c0db257b3f9d84da5b2bf5fbb4034cc8d77d
  locked down the path checks in check_reduced_name[_with_privilege]() to prevent unintended access via wide links.

  The new checks do not correctly treat a corner case though: the case
  of the share path being "/". (Important e.g. for using the glusterfs
  VFS module.)

  In this case all operations after tree connect get ACCESS_DENIED.

To manage notifications about this bug go to:
https://bugs.launchpad.net/samba/+bug/1545750/+subscriptions

More information about the foundations-bugs mailing list