[Bug 1701073] Re: CVE-2017-2619 regression breaks symlinks
Andreas Hasenack
andreas at canonical.com
Fri Jun 30 18:56:32 UTC 2017
Note: if you use smbclient with -m SMB2, which is what windows7+ uses,
you will see the same failure when doing "ls /opt/opt/*":
root at xenial-samba-symlink-1701073:~# smbclient //localhost/cve-root -U ubuntu%ubuntu -c "ls /opt/opt/*"
WARNING: The "syslog" option is deprecated
Domain=[WORKGROUP] OS=[Windows 6.1] Server=[Samba 4.3.11-Ubuntu]
. D 0 Fri Jun 30 18:51:00 2017
.. D 0 Fri Jun 30 18:11:18 2017
smb.conf N 1245 Fri Jun 30 18:50:58 2017
root D 0 Fri Jun 30 18:11:18 2017
opt D 0 Fri Jun 30 18:51:00 2017
246776448 blocks of size 1024. 246351744 blocks
available
root at xenial-samba-symlink-1701073:~# smbclient //localhost/cve-root -U ubuntu%ubuntu -c "ls /opt/opt/*" -m SMB2
WARNING: The "syslog" option is deprecated
Domain=[XENIAL] OS=[] Server=[]
NT_STATUS_ACCESS_DENIED listing \opt\opt\*
root at xenial-samba-symlink-1701073:~#
I'm still investigating, I'm not getting the exact errors described in the upstream samba bug. They hint that it may depend on the kernel version as well. I'll stop trying with lxd and use VMs because of that.
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/1701073
Title:
CVE-2017-2619 regression breaks symlinks
To manage notifications about this bug go to:
https://bugs.launchpad.net/samba/+bug/1701073/+subscriptions
More information about the Ubuntu-server-bugs
mailing list