[Bug 1545750] Re: Access denied if the share path is "/"
Dariusz Gadomski
1545750 at bugs.launchpad.net
Mon Feb 15 15:34:27 UTC 2016
Debdiff for Xenial.
** Description changed:
- The fix for bug #11395 / CVE-2015-5252
+ [Impact]
+
+ * User is denied access when trying to access a share "/"
+
+ [Test Case]
+
+ * Setup a Samba server
+
+ * Add a share with path "/"
+
+ * Try to access the share
+
+ [Regression Potential]
+
+ * This has been introduced upstream by security patch CVE-2015-5252.
+
+ * It has been already fixed upstream.
+
+ * This is just a backport of the fix.
+
+ [Other Info]
+
+ * Original bug description:
+
+ The fix for bug #11395 / CVE-2015-5252
https://git.samba.org/?p=samba.git;a=commitdiff;h=7606c0db257b3f9d84da5b2bf5fbb4034cc8d77d
locked down the path checks in check_reduced_name[_with_privilege]() to prevent unintended access via wide links.
The new checks do not correctly treat a corner case though: the case of
the share path being "/". (Important e.g. for using the glusterfs VFS
module.)
In this case all operations after tree connect get ACCESS_DENIED.
** Patch added: "xenial_samba_4.3.3+dfsg-1ubuntu2.debdiff"
https://bugs.launchpad.net/samba/+bug/1545750/+attachment/4572180/+files/xenial_samba_4.3.3+dfsg-1ubuntu2.debdiff
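The corner case described in the report, as an added illustration that is not Samba's code and not part of the original message: a containment check that requires a path separator directly after the share-root prefix rejects every path when the root is "/". The function names are hypothetical, and the sketch assumes both arguments are canonical absolute paths with no trailing slash except for "/" itself.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical strict check: the resolved path must start with the share
 * root AND the next character must be '/' or end of string. This is what
 * stops root "/srv/share" from matching "/srv/share2/x". */
bool under_root_strict(const char *root, const char *resolved)
{
    size_t n = strlen(root);

    if (strncmp(root, resolved, n) != 0)
        return false;
    /* For root "/" (n == 1) this inspects resolved[1], the first character
     * of the first path component, so "/etc/hosts" is rejected. */
    return resolved[n] == '/' || resolved[n] == '\0';
}

/* Same check with the root-directory case handled explicitly. */
bool under_root_fixed(const char *root, const char *resolved)
{
    size_t n = strlen(root);

    if (n == 0 || root[0] != '/' || resolved[0] != '/')
        return false;               /* only absolute paths are accepted */
    if (n == 1)
        return true;                /* root "/" contains every absolute path */
    if (strncmp(root, resolved, n) != 0)
        return false;
    return resolved[n] == '/' || resolved[n] == '\0';
}

int main(void)
{
    /* Constructed sample inputs: {share root, resolved path}. */
    const char *cases[][2] = {
        { "/srv/share", "/srv/share/docs" },
        { "/srv/share", "/srv/share2/x" },
        { "/",          "/etc/hosts" },
    };

    for (size_t i = 0; i < sizeof(cases) / sizeof(cases[0]); i++)
        printf("root=%-11s path=%-16s strict=%d fixed=%d\n",
               cases[i][0], cases[i][1],
               under_root_strict(cases[i][0], cases[i][1]),
               under_root_fixed(cases[i][0], cases[i][1]));
    return 0;
}
```

A regression test for this class of bug should cover the "/" root alongside the sibling-directory case, since a fix that only relaxes the separator test would reopen the prefix-confusion hole the original check was meant to close.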