CVE Reference: CVE-2010-0926

NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE:
CVE-2010-0926

Description:
The default configuration of smbd in Samba before 3.3.11, 3.4.x before 3.4.6, and 3.5.x before 3.5.0rc3, when a writable share exists, allows remote authenticated users to leverage a directory traversal vulnerability, and access arbitrary files, by using the symlink command in smbclient to create a symlink containing .. (dot dot) sequences, related to the combination of the unix extensions and wide links options.

CVE Status:
Candidate

References:

SUSE
  http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00001.html
  http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html

SAID
  Secunia Advisory: SA39317

MLIST
  http://marc.info/?l=samba-technical&m=126549111204428&w=2
  http://marc.info/?l=samba-technical&m=126555346721629&w=2
  http://marc.info/?l=samba-technical&m=126548356728379&w=2
  http://marc.info/?l=samba-technical&m=126547903723628&w=2
  http://marc.info/?l=samba-technical&m=126540011609753&w=2
  http://marc.info/?l=samba-technical&m=126540695819735&w=2
  http://marc.info/?l=samba-technical&m=126540608318301&w=2
  http://marc.info/?l=samba-technical&m=126540539117328&w=2
  http://marc.info/?l=samba-technical&m=126540477016522&w=2
  http://marc.info/?l=samba-technical&m=126540475116511&w=2
  http://marc.info/?l=samba-technical&m=126540376915283&w=2
  http://marc.info/?l=samba-technical&m=126540248613395&w=2
  http://marc.info/?l=samba-technical&m=126540290614053&w=2
  http://marc.info/?l=samba-technical&m=126540277713815&w=2
  http://marc.info/?l=samba-technical&m=126540100511357&w=2
  http://marc.info/?l=samba-technical&m=126539387432412&w=2
  http://marc.info/?l=oss-security&m=126777580624790&w=2
  http://www.openwall.com/lists/oss-security/2010/03/05/3
  http://marc.info/?l=oss-security&m=126545363428745&w=2
  http://marc.info/?l=oss-security&m=126539592603079&w=2
  http://www.openwall.com/lists/oss-security/2010/02/06/3
  http://marc.info/?l=oss-security&m=126540733320471&w=2
  http://marc.info/?l=oss-security&m=126540402215620&w=2

MISC
  http://blog.metasploit.com/2010/02/exploiting-samba-symlink-traversal.html

FULLDISC
  http://marc.info/?l=full-disclosure&m=126538598820903&w=2
  http://archives.neohapsis.com/archives/fulldisclosure/2010-02/0083.html
  http://archives.neohapsis.com/archives/fulldisclosure/2010-02/0108.html
  http://archives.neohapsis.com/archives/fulldisclosure/2010-02/0107.html

CONFIRM
  http://www.samba.org/samba/news/symlink_attack.html
  http://gitweb.samba.org/?p=samba.git;a=commit;h=bd269443e311d96ef495a9db47d1b95eb83bb8f4


Return to the previous page.