[Bug 1701073] Re: CVE-2017-2619 regression breaks symlinks

Andreas Hasenack andreas at canonical.com
Fri Jun 30 18:56:32 UTC 2017 

Note: if you use smbclient with -m SMB2, which is what windows7+ uses,
you will see the same failure when doing "ls /opt/opt/*":

root at xenial-samba-symlink-1701073:~# smbclient //localhost/cve-root -U ubuntu%ubuntu -c "ls /opt/opt/*"
WARNING: The "syslog" option is deprecated
Domain=[WORKGROUP] OS=[Windows 6.1] Server=[Samba 4.3.11-Ubuntu]
  .                                   D        0  Fri Jun 30 18:51:00 2017
  ..                                  D        0  Fri Jun 30 18:11:18 2017
  smb.conf                            N     1245  Fri Jun 30 18:50:58 2017
  root                                D        0  Fri Jun 30 18:11:18 2017
  opt                                 D        0  Fri Jun 30 18:51:00 2017

                246776448 blocks of size 1024. 246351744 blocks
available

root at xenial-samba-symlink-1701073:~# smbclient //localhost/cve-root -U ubuntu%ubuntu -c "ls /opt/opt/*" -m SMB2
WARNING: The "syslog" option is deprecated
Domain=[XENIAL] OS=[] Server=[]
NT_STATUS_ACCESS_DENIED listing \opt\opt\*
root at xenial-samba-symlink-1701073:~# 


I'm still investigating, I'm not getting the exact errors described in the upstream samba bug. They hint that it may depend on the kernel version as well. I'll stop trying with lxd and use VMs because of that.

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to samba in Ubuntu.
https://bugs.launchpad.net/bugs/1701073

Title:
  CVE-2017-2619 regression breaks symlinks

Status in samba:
  Unknown
Status in samba package in Ubuntu:
  New

Bug description:
  Found in current version in Xenial (4.3.11+dfsg-0ubuntu0.16.04.7).
  When share's path is '/', symlinks do not work properly from Windows
  client. Gives "Cannot Access" error.

  To reproduce:

  1. Install samba and related dependencies

  apt install -y samba

  2. Add a share at the end of the default file that uses '/' as the
  path:

  [reproducer]
          comment = share
          browseable = no
          writeable = yes
          create mode = 0600
          directory mode = 0700
          path = /

  3. Attempt to access a symlink somewhere within the path of the share
  with a Windows client.

  4. Receive "Windows cannot access..." related error

To manage notifications about this bug go to:
https://bugs.launchpad.net/samba/+bug/1701073/+subscriptions

More information about the foundations-bugs mailing list