Samba 4.4.x < 4.4.12 / 4.5.x < 4.5.7 / 4.6.x < 4.6.1 Local File Disclosure

Versions of Samba 4.4.x prior to 4.4.12, 4.5.x prior to 4.5.7, and 4.6.x prior to 4.6.1 are unpatched, and therefore affected by a race condition that is triggered after the ‘realpath()’ system call has checked a path. This may allow a local attacker to potentially rename a recently checked path and use a symlink to read from unauthorized parts of the file system.