Re: samba: CVE-2017-9461: infinite loop on bad-symlink resolution

To: 864291@bugs.debian.org
Cc: debian-lts@lists.debian.org
Subject: Re: samba: CVE-2017-9461: infinite loop on bad-symlink resolution
From: Hugo Lefeuvre <hle@debian.org>
Date: Wed, 28 Jun 2017 16:28:20 +0200
Message-id: <[🔎] 20170628142820.vnz22gi3f2nlduom@hle-laptop.local>

Hi,

I couldn't reproduce this bug in the wheezy version and I think it
isn't affected.

I get the following error message:

    $ smbclient //server/share -c "posix; symlink nothing broken"
    (...)
    $ smbclient //localhost/shareddir -c "put /etc/issue broken"
    Domain=[WORKGROUP] OS=[Unix] Server=[Samba 3.6.6]
    NT_STATUS_OBJECT_NAME_NOT_FOUND opening remote file \broken

In the wheezy version, the fd_open_atomic function doesn't exist and
the existing fd_open function doesn't use loops.

Regards,
 Hugo

-- 
             Hugo Lefeuvre (hle)    |    www.owl.eu.com
4096/ ACB7 B67F 197F 9B32 1533 431C AC90 AC3E C524 065E

Attachment: signature.asc
Description: PGP signature

Reply to:

Prev by Date: Re: [Pkg-puppet-devel] Wheezy update of puppet?
Next by Date: Re: network-manager: CVE-2016-0764
Previous by thread: Re: Wheezy update of trafficserver?
Next by thread: Wheezy update of sudo available
Index(es):
- Date
- Thread