DaemonForums  

Vulnerability in Samba provides access to files

Posted by J65nko (Administrator), 9th February 2010

From http://www.h-online.com/security/new...es-924425.html

Quote:
A vulnerability in the creation of symbolic links (symlinks) in the free Samba file and printer server can be exploited to attain access to files outside of predefined paths.
Attackers can even get access to the system's root directory (/).

To exploit the flaw (directory traversing), attackers first have to have an account on the Samba server that includes write access to at least one share.

However, if a share is defined as writeable for guests, the hole can even be exploited remotely without such an account on the server. Under standard settings, no shares are writeable for guests.
__________________
You don't need to be a genius to debug a pf.conf firewall ruleset, you just need the guts to run tcpdump
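
The quoted article singles out shares that are writeable for guests as the case needing no account. As an added example (not part of the original post, and not Samba's own code), this sketch flags such shares in an smb.conf; it assumes a single file with no `include` directives or backslash line continuations, and the sample configuration is constructed.

```python
import re

# Canonical parameter -> default value; synonyms map to (canonical, inverted?).
DEFAULTS = {"guestok": False, "readonly": True}
SYNONYMS = {"guestok": ("guestok", False), "public": ("guestok", False),
            "readonly": ("readonly", False), "writable": ("readonly", True),
            "writeable": ("readonly", True), "writeok": ("readonly", True)}
TRUE_WORDS = {"yes", "true", "on", "1"}

def guest_writable_shares(conf_text):
    """Return names of shares where guest access and write access are both on."""
    sections, current = {}, None
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue                              # blank line or comment
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            current = sections.setdefault(header.group(1).strip().lower(), {})
            continue
        if current is None or "=" not in line:
            continue
        key, value = line.split("=", 1)
        key = re.sub(r"\s+", "", key).lower()     # names ignore case and spaces
        if key in SYNONYMS:
            canon, inverted = SYNONYMS[key]
            current[canon] = (value.strip().lower() in TRUE_WORDS) != inverted
    # [global] settings act as defaults for every share section.
    base = {**DEFAULTS, **sections.get("global", {})}
    flagged = []
    for name, params in sections.items():
        effective = {**base, **params}
        if name != "global" and effective["guestok"] and not effective["readonly"]:
            flagged.append(name)
    return flagged

# Constructed sample configuration (not taken from any real server).
SAMPLE_CONF = """\
[global]
   workgroup = EXAMPLE
[homes]
   read only = no
[public]
   guest ok = yes
   writable = yes
[docs]
   public = yes
   read only = yes
[scratch]
   ; mixed case and the inverted synonym both count
   Guest OK = Yes
   read only = No
"""

if __name__ == "__main__":
    for share in guest_writable_shares(SAMPLE_CONF):
        print(f"guest-writable share: [{share}]")
```

The check ignores `write list` and `guest only`, so treat its output as a first pass and confirm against the effective configuration printed by `testparm -s`.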