Vigil@nce: Samba, exiting the root directory

February 2010 by Vigil@nce

SYNTHESIS OF THE VULNERABILITY

In the default writable share configuration, Samba allows the
creation of symbolic links pointing outside the shared root.

Severity: 2/4

Consequences: data reading, data creation/editing, data deletion

Provenance: user account

Means of attack: no proof of concept, no attack

Ability of attacker: expert (4/4)

Confidence: confirmed by the editor (5/5)

Diffusion of the vulnerable configuration: high (3/3)

Creation date: 08/02/2010

IMPACTED PRODUCTS

 Samba

DESCRIPTION OF THE VULNERABILITY

The Samba service has several configuration directives:

 writable: the SMB/CIFS share is writable (disabled by default)
 unix extensions: Unix extensions, such as symbolic link
creation, are allowed (enabled by default)
 wide links: symbolic links pointing outside the share root
directory are allowed (enabled by default)
 etc.

When the administrator enables "writable" without disabling either
"unix extensions" or "wide links", an authenticated attacker can
create a symbolic link pointing outside the share root.

In this configuration, the attacker can therefore read or edit
files located outside the share root.
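
The following configuration check is an added example, not part of the original bulletin or of Samba: it parses an smb.conf text and lists the shares where "writable" is on while "unix extensions" and "wide links" are both left enabled. The function names and the sample configuration are constructed for illustration, and the defaults are the ones stated above.

```python
# Added example: audit smb.conf for writable + unix extensions + wide links.
# Assumption: the defaults stated in this advisory apply to the audited build.
DEFAULTS = {"writable": False, "unixextensions": True, "widelinks": True}
TRUE = {"yes", "true", "on", "1"}

# Constructed sample configuration, not taken from a real server.
SAMPLE = """
[global]
    workgroup = EXAMPLE
[public]
    writable = yes
[docs]
    read only = no
    wide links = no
[archive]
    path = /srv/archive
"""

def parse(text):
    """Return {section: {parameter: value}}; names lose case and spaces."""
    conf, cur = {}, None
    for line in (l.strip() for l in text.splitlines()):
        if not line or line[0] in "#;":              # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            cur = conf.setdefault(line[1:-1].strip().lower(), {})
        elif "=" in line and cur is not None:
            key, val = (s.strip().lower() for s in line.split("=", 1))
            key = "".join(key.split())               # smb.conf ignores spaces in names
            key = {"writeable": "writable", "writeok": "writable"}.get(key, key)
            if key == "readonly":                    # inverted synonym of writable
                key, val = "writable", "no" if val in TRUE else "yes"
            cur[key] = val
    return conf

def lookup(name, *scopes):
    """First scope that sets the parameter wins, else the advisory default."""
    for scope in scopes:
        if name in scope:
            return scope[name] in TRUE
    return DEFAULTS[name]

def risky_shares(text):
    """Shares where a symlink leaving the share root can be created and followed."""
    conf = parse(text)
    glob = conf.get("global", {})
    unix_ext = lookup("unixextensions", glob)        # global-only parameter
    return [n for n, s in conf.items() if n != "global" and unix_ext
            and lookup("writable", s, glob) and lookup("widelinks", s, glob)]
```

On the constructed sample, only the "public" share is reported; "docs" is writable but sets "wide links = no", and "archive" is read-only by default.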

CHARACTERISTICS

Identifiers: BID-38111, VIGILANCE-VUL-9413

http://vigilance.fr/vulnerability/Samba-exiting-the-root-directory-9413

