[Bug 1545750] Re: Access denied if the share path is "/"
Bug Watch Updater
1545750 at bugs.launchpad.net
Sun Feb 28 08:02:07 UTC 2016
** Changed in: samba (Debian)
Status: New => Confirmed
--
You received this bug notification because you are a member of Ubuntu
Sponsors Team, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/1545750
Title:
  Access denied if the share path is "/"
Status in samba:
  Unknown
Status in samba package in Ubuntu:
  Fix Released
Status in samba source package in Precise:
  Fix Released
Status in samba source package in Trusty:
  Fix Released
Status in samba source package in Wily:
  Fix Released
Status in samba package in Debian:
  Confirmed
Bug description:
[Impact]
* User is denied access when trying to access a share "/"
[Test Case]
* Set up a Samba server
* Add a share with path "/"
* Try to access the share
[Regression Potential]
* This has been introduced upstream by security patch CVE-2015-5252.
* It has already been fixed upstream.
* This is just a backport of the fix.
[Other Info]
* Original bug description:
The fix for bug #11395 / CVE-2015-5252
https://git.samba.org/?p=samba.git;a=commitdiff;h=7606c0db257b3f9d84da5b2bf5fbb4034cc8d77d
locked down the path checks in check_reduced_name[_with_privilege]() to prevent unintended access via wide links.
The new checks do not correctly treat a corner case though: the case
of the share path being "/". (Important e.g. for using the glusterfs
VFS module.)
In this case all operations after tree connect get ACCESS_DENIED.
To manage notifications about this bug go to:
https://bugs.launchpad.net/samba/+bug/1545750/+subscriptions
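
The corner case described in the bug report, as an added example: a simplified model of a tightened share-root prefix check that rejects every path once the root is "/". This is not Samba's check_reduced_name() code; the function names and sample paths are constructed, and both paths are assumed to be absolute and already canonical.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Simplified model: "resolved" must stay inside the share "root".
 * Assumes canonical absolute paths (no "..", no unresolved symlinks). */

/* Strict check that forgets the root-directory corner case. */
static bool inside_share_strict(const char *root, const char *resolved)
{
    size_t n = strlen(root);

    if (strncmp(root, resolved, n) != 0)
        return false;
    /* The byte after the prefix must end the path or start a component,
     * so that root "/srv/share" does not match "/srv/share2". */
    return resolved[n] == '/' || resolved[n] == '\0';
}

/* Same check with the corner case handled. */
static bool inside_share_fixed(const char *root, const char *resolved)
{
    /* Root "/" already ends in the separator: every absolute path lies
     * below it, and resolved[1] is the first byte of a name, not '/'. */
    if (strcmp(root, "/") == 0)
        return resolved[0] == '/';
    return inside_share_strict(root, resolved);
}

int main(void)
{
    const char *cases[][2] = {          /* constructed sample inputs */
        { "/srv/share", "/srv/share/docs" },
        { "/srv/share", "/srv/share2/docs" },
        { "/", "/etc/hosts" },
        { "/", "/" },
    };
    for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++)
        printf("root=%-11s path=%-17s strict=%d fixed=%d\n",
               cases[i][0], cases[i][1],
               inside_share_strict(cases[i][0], cases[i][1]),
               inside_share_fixed(cases[i][0], cases[i][1]));
    return 0;
}
```

The strict variant still blocks the sibling-directory escape it was written for, which is why a regression test for a hardening patch like this should include a share rooted at "/" alongside the negative cases.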