A flaw was found in Samba’s vfs_worm module. The module is intended to provide write-once, read-many (WORM) protections by preventing modification of files after a configurable grace period. Due to insufficient validation during rename operations, an authenticated user with write access to a share could overwrite a protected file by renaming a newly created file over the existing WORM-protected file.
2:4.15.13+dfsg-0ubuntu1.122:4.19.5+dfsg-4ubuntu9.62:4.22.3+dfsg-4ubuntu2.42:4.23.6+dfsg-1ubuntu2.12:3.6.18-1ubuntu32:4.0.10+dfsg-4ubuntu22:4.0.13+dfsg-1ubuntu12:4.1.3+dfsg-2ubuntu22:4.1.3+dfsg-2ubuntu32:4.1.3+dfsg-2ubuntu42:4.1.3+dfsg-2ubuntu52:4.1.6+dfsg-1ubuntu12:4.1.6+dfsg-1ubuntu22:4.1.6+dfsg-1ubuntu2.14.04.1+43 more2:4.1.17+dfsg-4ubuntu22:4.1.20+dfsg-1ubuntu12:4.1.20+dfsg-1ubuntu22:4.1.20+dfsg-1ubuntu32:4.1.20+dfsg-1ubuntu52:4.3.11+dfsg-0ubuntu0.16.04.12:4.3.11+dfsg-0ubuntu0.16.04.102:4.3.11+dfsg-0ubuntu0.16.04.112:4.3.11+dfsg-0ubuntu0.16.04.122:4.3.11+dfsg-0ubuntu0.16.04.13+36 more2:4.6.7+dfsg-1ubuntu32:4.7.1+dfsg-1ubuntu12:4.7.3+dfsg-1ubuntu12:4.7.4+dfsg-1ubuntu12:4.7.6+dfsg~ubuntu-0ubuntu12:4.7.6+dfsg~ubuntu-0ubuntu22:4.7.6+dfsg~ubuntu-0ubuntu2.102:4.7.6+dfsg~ubuntu-0ubuntu2.112:4.7.6+dfsg~ubuntu-0ubuntu2.132:4.7.6+dfsg~ubuntu-0ubuntu2.14+22 more2:4.10.7+dfsg-0ubuntu22:4.10.7+dfsg-0ubuntu32:4.11.1+dfsg-3ubuntu12:4.11.1+dfsg-3ubuntu22:4.11.1+dfsg-3ubuntu42:4.11.5+dfsg-1ubuntu12:4.11.5+dfsg-1ubuntu22:4.11.6+dfsg-0ubuntu12:4.11.6+dfsg-0ubuntu1.12:4.11.6+dfsg-0ubuntu1.10+26 moreExploitability
AV:NAC:LPR:LUI:NScope
S:UImpact
C:NI:HA:NCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N