Public bug reported:
The fix for bug #11395 / CVE-2015-5252
https://git.samba.org/?p=samba.git;a=commitdiff;h=7606c0db257b3f9d84da5b2bf5fbb4034cc8d77d
locked down the path checks in check_reduced_name[_with_privilege]() to prevent
unintended access via wide links.
The new checks do not correctly treat a corner case though: the case of
the share path being "/". (Important e.g. for using the glusterfs VFS
module.)
In this case all operations after tree connect get ACCESS_DENIED.
** Affects: samba
Importance: Unknown
Status: Unknown
** Affects: samba (Ubuntu)
Importance: Undecided
Status: New
** Bug watch added: Samba Bugzilla #11647
https://bugzilla.samba.org/show_bug.cgi?id=11647
** Also affects: samba via
https://bugzilla.samba.org/show_bug.cgi?id=11647
Importance: Unknown
Status: Unknown
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to samba in Ubuntu.
https://bugs.launchpad.net/bugs/1545750
Title:
Access denied if the share path is "/"
To manage notifications about this bug go to:
https://bugs.launchpad.net/samba/+bug/1545750/+subscriptions
--
Ubuntu-server-bugs mailing list
Ubuntu-server-bugs@lists.ubuntu.com
Modify settings or unsubscribe at:
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
