A symlink following vulnerability was found in Samba, where a user can create a symbolic link that will make βsmbdβ escape the configured share path. This flaw allows a remote user with access to the exported part of the file system under a share via SMB1 unix extensions or NFS to create symlinks to files outside the βsmbdβ configured share path and gain access to another restricted serverβs filesystem.
[
{
"vendor": "n/a",
"product": "samba",
"versions": [
{
"version": "Affects samba since 4.17.0, Fixed samba 4.17.2.",
"status": "affected"
}
]
}
]