Back to search
CVE-2010-0926
Published: Mar 9, 2010
Modified: Aug 7, 2024
PUBLISHED
Description
The default configuration of smbd in Samba before 3.3.11, 3.4.x before 3.4.6, and 3.5.x before 3.5.0rc3, when a writable share exists, allows remote authenticated users to leverage a directory traversal vulnerability, and access arbitrary files, by using the symlink command in smbclient to create a symlink containing .. (dot dot) sequences, related to the combination of the unix extensions and wide links options.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
[samba-technical] 20100207 Re: Claimed Zero Day exploit in Samba.
mailing-list
x_refsource_MLIST
39317
third-party-advisory
x_refsource_SECUNIA
[oss-security] 20100206 Re: Samba symlink 0day flaw
mailing-list
x_refsource_MLIST
[samba-technical] 20100206 Re: Claimed Zero Day exploit in Samba.
mailing-list
x_refsource_MLIST
[samba-technical] 20100205 Re: Claimed Zero Day exploit in Samba.
mailing-list
x_refsource_MLIST
[samba-technical] 20100205 Re: Claimed Zero Day exploit in Samba.
mailing-list
x_refsource_MLIST
[oss-security] 20100305 Re: Samba symlink 0day flaw
mailing-list
x_refsource_MLIST
[samba-technical] 20100205 Re: Claimed Zero Day exploit in Samba.
mailing-list
x_refsource_MLIST
20100204 Re: Samba Remote Zero-Day Exploit
mailing-list
x_refsource_FULLDISC
[samba-technical] 20100205 Re: Claimed Zero Day exploit in Samba.
mailing-list
x_refsource_MLIST
[samba-technical] 20100205 Re: Claimed Zero Day exploit in Samba.
mailing-list
x_refsource_MLIST
20100205 Re: Samba Remote Zero-Day Exploit
mailing-list
x_refsource_FULLDISC
[samba-technical] 20100206 Re: Claimed Zero Day exploit in Samba.
mailing-list
x_refsource_MLIST
[oss-security] 20100206 Re: Samba symlink 0day flaw
mailing-list
x_refsource_MLIST
[samba-technical] 20100205 Re: Claimed Zero Day exploit in Samba.
mailing-list
x_refsource_MLIST
[samba-technical] 20100205 Claimed Zero Day exploit in Samba.
mailing-list
x_refsource_MLIST
[samba-technical] 20100205 Re: Claimed Zero Day exploit in Samba.
mailing-list
x_refsource_MLIST
[oss-security] 20100305 Re: Samba symlink 0day flaw
mailing-list
x_refsource_MLIST
20100204 Samba Remote Zero-Day Exploit
mailing-list
x_refsource_FULLDISC
SUSE-SR:2010:008
vendor-advisory
x_refsource_SUSE
http://www.samba.org/samba/news/symlink_attack.html
x_refsource_CONFIRM
SUSE-SR:2010:014
vendor-advisory
x_refsource_SUSE
[samba-technical] 20100206 Re: Claimed Zero Day exploit in Samba.
mailing-list
x_refsource_MLIST
[samba-technical] 20100205 re: Claimed Zero Day exploit in Samba.
mailing-list
x_refsource_MLIST
https://bugzilla.samba.org/show_bug.cgi?id=7104
x_refsource_CONFIRM
[oss-security] 20100205 Samba symlink 0day flaw
mailing-list
x_refsource_MLIST
[oss-security] 20100205 Re: Samba symlink 0day flaw
mailing-list
x_refsource_MLIST
20100204 Re: Samba Remote Zero-Day Exploit
mailing-list
x_refsource_FULLDISC
[samba-technical] 20100205 Re: Claimed Zero Day exploit in Samba.
mailing-list
x_refsource_MLIST
[samba-technical] 20100205 Re: Claimed Zero Day exploit in Samba.
mailing-list
x_refsource_MLIST
[samba-technical] 20100205 Re: Claimed Zero Day exploit in Samba.
mailing-list
x_refsource_MLIST
[oss-security] 20100205 Re: Samba symlink 0day flaw
mailing-list
x_refsource_MLIST
https://bugzilla.redhat.com/show_bug.cgi?id=562568
x_refsource_CONFIRM
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now