| Vigil@nce team describes computer vulnerabilities impacting your systems, and offers solutions to correct them. |
|
 |
|
|
|
vulnerability bulletin CVE-2010-0926
Samba: exiting the root directory
Synthesis of the vulnerability
| In the default writable share configuration, Samba allows the creation of symbolic links pointing outside the shared root. |
Severity: 2/4.
Creation date: 08/02/2010.
|
Description of the vulnerability
The Samba service has several configuration directives:
- writable : the SMB/CIFS share is writable (disabled by default)
- unix extensions: Unix extensions, such as the symbolic link creation, are allowed (enabled by default)
- wide links: symbolic links pointing outside the share root directory are allowed (enabled by default)
- etc.
When the administrator enables "writable", but without disabling "unix extensions" nor "wide links", an authenticated attacker can thus create a symbolic link pointing outside the share root.
In this configuration, the attacker can therefore read or edit files located outside the share root. |
Complete Vigil@nce bulletin
Characteristics
Title: Samba: exiting the root directory.
Keywords: CIFS SMB Samba Unix directory exiting root.
Identifiers: BID-38111, CVE-2010-0926, SUSE-SR:2010:007, SUSE-SR:2010:008, SUSE-SR:2010:014, VIGILANCE-VUL-9413.
|
Information sources
Solutions for this vulnerability
Computer vulnerabilities tracking service
The Vigil@nce computer vulnerability tracking service alerts your teams of vulnerabilities or threats impacting your information system.
The Vigil@nce vulnerability database contains several thousand vulnerabilities.
This bulletin is published by the Vigil@nce team, which tracks computer vulnerabilities impacting systems and applications.
Security vulnerability alerts
|