A flaw was found in the Linux kernel SMB client. Path separators are not checked by cifs.ko when parsing directory listings back, so a bad server can return relative paths that will be returned as-is to userspace, potentially leading to manipulation of files outside shared mount points. Upstream patch: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/fs?id=4f11918ab93bc113ec0831ed2ab7b88847d44dd7
Acknowledgments: Name: the SUSE Labs samba team Upstream: Michael Hanselmann
Created kernel tracking bugs for this issue: Affects: fedora-all [bug 1777399]
Hi, https://bugzilla.redhat.com/show_bug.cgi?id=1741728 is not publicly accessible, which I assume contains more information. Can you make those available? Is the issue fixed upstream? Regards, Salvatore
Seems related to the SuSE bugzilla entry at https://bugzilla.suse.com/show_bug.cgi?id=1144903
This was fixed for Fedora with the 5.3.8 stable kernel updates.
Hi Salvatore,

In reply to comment #3:
> https://bugzilla.redhat.com/show_bug.cgi?id=1741728 is not publicly accessible, which I assume contains more information. Can you make those available?

no, sorry.

> Is the issue fixed upstream?

This issue was solved on the VFS level not on the per filesystem level. Please see comment #0.

Thank you,
-- Petr Matousek / Red Hat Product Security
G'day, I think that this was fixed here: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/fs?id=4f11918ab93bc113ec0831ed2ab7b88847d44dd7 Which kinda negates the need for this fix as it's fixing it for all networked filesystems on the VFS level. Does this answer your question?
Many thanks for confirming!
No problem, thanks for the follow up.
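The kind of check the first comment says was missing, rejecting server-supplied directory entry names that contain a path separator, shown as user-space C. This is an added example, not code from the upstream patch or from cifs.ko; `dirent_name_ok`, `filter_listing` and the sample listing are constructed for illustration, and the empty-name and embedded-NUL checks are assumptions that go beyond what the thread describes.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

struct entry { const char *name; size_t len; };

/* Hypothetical helper (not a kernel function): 1 if the name may be passed
 * on to callers, 0 if it must be dropped. */
int dirent_name_ok(const char *name, size_t len)
{
    if (len == 0)
        return 0;                 /* empty name */
    if (memchr(name, '/', len))
        return 0;                 /* path separator: could escape the directory */
    if (memchr(name, '\0', len))
        return 0;                 /* embedded NUL (extra check, assumption) */
    return 1;                     /* "." and ".." are normal listing entries */
}

/* Copy pointers to acceptable entries into out[]; return how many were kept. */
size_t filter_listing(const struct entry *in, size_t n, const struct entry **out)
{
    size_t kept = 0;
    for (size_t i = 0; i < n; i++) {
        if (dirent_name_ok(in[i].name, in[i].len))
            out[kept++] = &in[i];
        else
            fprintf(stderr, "dropped entry %zu (%zu bytes)\n", i, in[i].len);
    }
    return kept;
}

/* Constructed sample listing, as a misbehaving server might return it. */
#define E(s) { s, sizeof(s) - 1 }
static const struct entry sample[] = {
    E("report.txt"), E("../outside.txt"), E("sub/dir"),
    E(""), E("."), E(".."), E("a\0b"),
};
#define SAMPLE_N (sizeof(sample) / sizeof(sample[0]))
size_t count_sample_kept(void)
{
    const struct entry *out[SAMPLE_N];
    return filter_listing(sample, SAMPLE_N, out);
}
int main(void)
{
    printf("kept %zu of %zu entries\n", count_sample_kept(), (size_t)SAMPLE_N);
    return 0;
}
```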