Jan Kasprzak

**Name of the Vulnerable Software and Affected Versions** Samba versions 3.x through 4.3.x before 4.3.3 Samba versions 4.2.x before 4.2.7 Samba versions 4.1.x before 4.1.22 **Description** The issue is related to a lack of privilege control and access management mechanisms in the Samba library smbd. It allows a remote attacker to bypass intended file-access restrictions via a symlink that points outside of a share, potentially impacting data integrity. The vulnerability exists in vfs.c in smbd when share names with certain substring relationships exist. **Recommendations** For Samba versions 3.x through 4.3.x before 4.3.3, update to version 4.3.3 or later to resolve the issue. For Samba versions 4.2.x before 4.2.7, update to version 4.2.7 or later to resolve the issue. For Samba versions 4.1.x before 4.1.22, update to version 4.1.22 or later to resolve the issue. As a temporary workaround, consider restricting access to the vulnerable `vfs.c` module in smbd until a patch is available.