vulnerability bulletin CVE-2010-0926 Samba: exiting the root directory
Synthesis of the vulnerability

In the default writable share configuration, Samba allows the creation of symbolic links pointing outside the shared root.

Severity: 2/4. Consequences: data reading, data creation/edition, data deletion. Provenance: user account. Means of attack: no proof of concept, no attack. Ability of attacker: expert (4/4). Confidence: confirmed by the editor (5/5). Diffusion of the vulnerable configuration: high (3/3). Creation date: 08/02/2010.

Impacted products

• Samba versions

Description of the vulnerability

The Samba service has several configuration directives:  - writable : the SMB/CIFS share is writable (disabled by default)  - unix extensions: Unix extensions, such as the symbolic link creation, are allowed (enabled by default)  - wide links: symbolic links pointing outside the share root directory are allowed (enabled by default)  - etc. When the administrator enables "writable", but without disabling "unix extensions" nor "wide links", an authenticated attacker can thus create a symbolic link pointing outside the share root. In this configuration, the attacker can therefore read or edit files located outside the share root.

Characteristics

Title: Samba: exiting the root directory Identifiers: BID-38111, CVE-2010-0926, VIGILANCE-VUL-9413. Url: https://vigilance.fr/tree/1/9413

Information sources

Publications and announces Source example: Claimed Zero Day exploit in Samba

Solutions for this vulnerability

Patch or workaround