Orange Business Services
Vigil@nce Vigil@nce Vigil@nce
we track for your security since 1999
 home presentation resources documentation contact  
subscriber area subscriber area
free access free access
Vigil@nce describes vulnerabilities impacting your systems, and offers solutions to correct them.
recent vulnerabilities recent vulnerabilities
tracked products tracked products
RSS feed RSS feed
vulnerability
vulnerability bulletin CVE-2010-0926
Samba: exiting the root directory

Synthesis of the vulnerability
In the default writable share configuration, Samba allows the creation of symbolic links pointing outside the shared root.
Severity: 2/4.
Consequences: data reading, data creation/edition, data deletion.
Provenance: user account.
Means of attack: no proof of concept, no attack.
Ability of attacker: expert (4/4).
Confidence: confirmed by the editor (5/5).
Diffusion of the vulnerable configuration: high (3/3).
Creation date: 08/02/2010.

Impacted products

Description of the vulnerability
The Samba service has several configuration directives:
 - writable : the SMB/CIFS share is writable (disabled by default)
 - unix extensions: Unix extensions, such as the symbolic link creation, are allowed (enabled by default)
 - wide links: symbolic links pointing outside the share root directory are allowed (enabled by default)
 - etc.

When the administrator enables "writable", but without disabling "unix extensions" nor "wide links", an authenticated attacker can thus create a symbolic link pointing outside the share root.

In this configuration, the attacker can therefore read or edit files located outside the share root.

Characteristics
Title: Samba: exiting the root directory
Identifiers: BID-38111, CVE-2010-0926, VIGILANCE-VUL-9413.
Url: https://vigilance.fr/tree/1/9413

Information sources
Publications and announces
Source example: Claimed Zero Day exploit in Samba

Solutions for this vulnerability
Patch or workaround



















France Télécom Copyright 1999-2010 Vigil@nce. Vigil@nce is a service from Orange Business Services. Site map. Legal notice. Version française