2 matches found
Server side request forgery (ssrf)
Samba 3.6.6 through 3.6.23, 4.0.x before 4.0.18, and 4.1.x before 4.1.8, when a certain vfs shadow copy configuration is enabled, does not properly initialize the SRVSNAPSHOTARRAY response field, which allows remote authenticated users to obtain potentially sensitive information from process memo...
A writable configured share might get read only
Description Due to a assignment vs equality bug a share reference might get overwritten. This can lead to 'read only = no' from another share to leak into a 'read only = yes' share for a subsequent connections. This is a re-evaluation of an already fixed bug. Workaround Update to 3.6.6 and higher...