Public Date:
1429472: CVE-2017-2619 samba: symlink race permits opening files outside share directory
A race condition was found in samba server. A malicious samba client could use this flaw to access files and directories in areas of the server file system not exported under the share definitions.

Find out more about CVE-2017-2619 from the MITRE CVE dictionary dictionary and NIST NVD.

CVSS v3 metrics

CVSS3 Base Score 5.9
CVSS3 Base Metrics CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:L
Attack Vector Network
Attack Complexity High
Privileges Required Low
User Interaction Required
Scope Unchanged
Confidentiality High
Integrity Impact Low
Availability Impact Low

Red Hat Security Errata

Platform Errata Release Date
Red Hat Gluster 3.3 Samba on RHEL-6 (samba) RHSA-2017:2778 2017-09-21
Red Hat Gluster 3.2 Samba on RHEL-7 (samba) RHSA-2017:2338 2017-08-01
Red Hat Enterprise Linux 6 (samba) RHSA-2017:2789 2017-09-21
Red Hat Enterprise Linux 7 (samba) RHSA-2017:1265 2017-05-22

Affected Packages State

Platform Package State
Red Hat Enterprise Linux 6 samba4 Will not fix
Red Hat Enterprise Linux 5 samba Will not fix
Red Hat Enterprise Linux 5 samba3x Will not fix


Red Hat would like to thank the Samba project for reporting this issue. Upstream acknowledges Jann Horn (Google) as the original reporter.


Add the parameter:

unix extensions = no

to the [global] section of your smb.conf and restart smbd. This prevents SMB1 clients from creating symlinks on the exported file system using SMB1.

However, if the same region of the file system is also exported using NFS, NFS clients can create symlinks that potentially can also hit the race condition. For non-patched versions of Samba we recommend only exporting areas of the file system by either SMB or NFS, not both.

External References

Last Modified