TODO: $VERSION

===========================================================
== Subject:     Spotlight server-side Share Path Disclosure
==
== CVE ID#:     CVE-2023-34968
==
== Versions:    All versions of Samba prior to $VERSION
==
== Summary:     As part of the Spotlight protocol Samba
==              discloses the server-side absolute path of
==              shares and files and directories in search
==              results.
===========================================================

===========
Description
===========

As part of the Spotlight protocol, the initial request
returns a path associated with the sharename targetted by
the RPC request. Samba returns the real server-side share
path at this point, as well as returning the absolute
server-side path of results in search queries by clients.

Known server side paths could be used to mount subsequent
more serious security attacks or could disclose confidential
information that is part of the path.

==================
Patch Availability
==================

Patches addressing both these issues have been posted to:

    https://www.samba.org/samba/security/

Additionally, Samba $VERSIONS have been issued
as security releases to correct the defect.  Samba administrators are
advised to upgrade to these releases or apply the patch as soon
as possible.

==================
CVSSv3 calculation
==================

CVSS 3.0: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N (5.3)

==========
Workaround
==========

As a possible workaround disable Spotlight by removing all
configuration stanzas that enable Spotlight ("spotlight =
yes|true").

=======
Credits
=======

Originally reported by Ralph Boehme and Stefan Metzmacher
of SerNet and the Samba team.

Patches provided by Ralph Boehme of SerNet and the Samba
team.

==========================================================
== Our Code, Our Bugs, Our Responsibility.
== The Samba Team
==========================================================