SUSE CVE-2022-3592

A symlink following vulnerability was found in Samba, where a user can create a symbolic link that will make 'smbd' escape the configured share path. This flaw allows a remote user with access to the exported part of the file system under a share via SMB1 unix extensions or NFS to create symlinks...

The vulnerability affects Unix extensions such as SMB1 and NFS, which are components of network communication software like Samba. This vulnerability allows attackers to compromise data integrity.

The vulnerability of Unix extensions like SMB1 and NFS network communication software such as Samba is related to the simultaneous execution using a shared resource with incorrect synchronization. Exploiting this vulnerability allows an attacker to compromise data integrity...

AZL-37007 CVE-2021-44141 affecting package samba for versions less than 4.18.3-1

All versions of Samba prior to 4.15.5 are vulnerable to a malicious client using a server symlink to determine if a file or directory exists in an area of the server file system not exported under the share definition. SMB1 with unix extensions has to be enabled in order for this attack to succee...

CIFS should honor umask

The CIFS filesystem in the Linux kernel before 2.6.22, when Unix extension support is enabled, does not honor the umask of a process, which allows local users to gain privileges...

CIFS should honor umask

The CIFS filesystem in the Linux kernel before 2.6.22, when Unix extension support is enabled, does not honor the umask of a process, which allows local users to gain privileges...