group.of.nepali.translators team mailing list archive

Thread
Date

[Bug 1675698] Re: Cannot access anything under a subdirectory if symlinks are disallowed

To: group.of.nepali.translators@xxxxxxxxxxxxxxxxxxx
From: Launchpad Bug Tracker <1675698@xxxxxxxxxxxxxxxxxx>
Date: Thu, 30 Mar 2017 17:26:33 -0000
Reply-to: Bug 1675698 <1675698@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

This bug was fixed in the package samba - 2:4.4.5+dfsg-2ubuntu5.5

---------------
samba (2:4.4.5+dfsg-2ubuntu5.5) yakkety-security; urgency=medium

  * SECURITY REGRESSION: follow symlinks issue (LP: #1675698)
    - debian/patches/CVE-2017-2619/bug12721-*.patch: add fixes from Samba
      bug #12721.
  * Add missing prerequisite for previous update
    - debian/patches/CVE-2017-2619/bug12172.patch: handle non-existant
      files and wildcards in source3/modules/vfs_shadow_copy2.c.

 -- Marc Deslauriers <marc.deslauriers@xxxxxxxxxx>  Tue, 28 Mar 2017
07:31:03 -0400

** Changed in: samba (Ubuntu Yakkety)
       Status: Confirmed => Fix Released

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2017-2619

** Changed in: samba (Ubuntu Xenial)
       Status: Confirmed => Fix Released

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1675698

Title:
  Cannot access anything under a subdirectory if symlinks are disallowed

Status in samba:
  Unknown
Status in samba package in Ubuntu:
  Confirmed
Status in samba source package in Precise:
  Confirmed
Status in samba source package in Trusty:
  Confirmed
Status in samba source package in Xenial:
  Fix Released
Status in samba source package in Yakkety:
  Fix Released
Status in samba source package in Zesty:
  Confirmed
Status in samba package in Debian:
  Confirmed

Bug description:
  After upgrading to 4.3.11+dfsg-0ubuntu0.14.04.6, some of my shares
  broke in a curious way. The affected shares have `follow symlinks =
  no`; the ones with `follow symlinks = yes` aren't affected AFAICT.
  Allowing symlinks on one of the affected shares mitigates the issue
  for that share.

  The issue is that access to anything under a direct subdirectory of
  the share doesn't work. I can create a directory in `\\srv\share`,
  e.g. `\\srv\share\foo`, but I can't create any files or directories
  inside it, e.g. creating `\\srv\share\foo\bar` ends up with error 50
  (The request is not supported). Attempts to access existing files or
  directories at this level produce error 59 (An unexpected network
  error occured).

  The log at level 2 says:

  ```
  ../source3/smbd/vfs.c:1298(check_reduced_name)
    check_reduced_name: Bad access attempt: branches is a symlink to foo/bar

  ```

  ... or:

  ```
  ../source3/smbd/vfs.c:1298(check_reduced_name)
    check_reduced_name: Bad access attempt: . is a symlink to foo
  ```

To manage notifications about this bug go to:
https://bugs.launchpad.net/samba/+bug/1675698/+subscriptions