9th February 2010
|
Administrator
|
|
Join Date: May 2008
Location: Budel - the Netherlands
Posts: 4,128
|
|
Vulnerability in Samba provides access to files
From http://www.h-online.com/security/new...es-924425.html
Quote:
A vulnerability in the creation of symbolic links (symlinks) in the free Samba file and printer server can be exploited to attain access to files outside of predefined paths.
Attackers can even get access to the system's root directory (/).
To exploit the flaw (directory traversing), attackers first have to have an account on the Samba server that includes write access to at least one share.
However, if a share is defined as writeable for guests, the hole can even be exploited remotely without such an account on the server. Under standard settings, no shares are writeable for guests.
|
__________________
You don't need to be a genius to debug a pf.conf firewall ruleset, you just need the guts to run tcpdump
|