Samba 4.10.8 and 4.9.13 update with vulnerability fix

Corrective releases of the Samba package, 4.10.8 and 4.9.13, have been prepared. They fix a vulnerability (CVE-2019-10197) that allows a user to access the root directory where the Samba network partition is located. The problem manifests itself when the 'wide links = yes' option is specified in the settings in combination with 'unix extensions = no' or 'allow insecure wide links = yes'. Access to files outside the current shared partition is limited by the user's access rights, i.e. the attacker can read and write files according to their uid/gid.

The problem is that after the first request to the root of the shared partition, an access error is returned to the client, but smbd caches the access to the directory and does not clear the cache when the access check fails. Accordingly, when the SMB request is repeated, it is processed successfully from the cache entry without a repeated authorization check.
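As an added example (not from the original article or the Samba project), the following Python script checks an smb.conf for the option combination described above. It assumes Samba's documented defaults (wide links = no, unix extensions = yes, allow insecure wide links = no), reads the latter two options from [global], and does not follow include directives; the function names and the sample configuration are constructed for illustration.

```python
"""Flag smb.conf shares matching the option combination named for CVE-2019-10197."""

TRUE = {"yes", "true", "on", "1"}
# Assumption: Samba's documented defaults for the three options involved.
DEFAULTS = {"widelinks": "no", "unixextensions": "yes", "allowinsecurewidelinks": "no"}


def parse_smb_conf(text):
    """Return {section: {param: value}}; names are lowercased with spaces removed."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue  # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(line[1:-1].strip().lower(), {})
        elif "=" in line and current is not None:
            name, value = line.split("=", 1)
            current["".join(name.lower().split())] = value.strip().lower()
    return sections


def exposed_shares(text):
    """List shares where wide links is on and either enabling option is set."""
    conf = parse_smb_conf(text)
    glob = {**DEFAULTS, **conf.get("global", {})}
    insecure = glob["allowinsecurewidelinks"] in TRUE
    no_unix_ext = glob["unixextensions"] not in TRUE
    hits = []
    for name, params in conf.items():
        if name == "global":
            continue
        # A share inherits 'wide links' from [global] unless it overrides it.
        wide = params.get("widelinks", glob["widelinks"]) in TRUE
        if wide and (insecure or no_unix_ext):
            hits.append(name)
    return hits


# Constructed sample configuration, not taken from any real host.
SAMPLE = """
[global]
   unix extensions = no
[public]
   path = /srv/public
   wide links = yes
[private]
   path = /srv/private
"""

if __name__ == "__main__":
    for share in exposed_shares(SAMPLE):
        print(f"share [{share}]: affected combination set, update to 4.10.8 / 4.9.13")
```

A share reported here matches the configuration the advisory names; hosts running such a configuration are the ones to prioritise for the 4.10.8 / 4.9.13 update.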

Source: opennet.ru
