Bugtraq mailing list archives
Re: Samba Remote Zero-Day Exploit
From: paul.szabo () sydney edu au
Date: Sat, 6 Feb 2010 09:43:58 +1100
Dear Dan,
The bug here is that out-of-path symlinks are remotely writable. ...
You mean "creatable".
... the fact that he can *generate* the symlink breaks ...
Nothing breaks if the admin sets "wide links = no" for that share: the link is not followed.
But Samba supports dropping a user into a path ...
I never noticed such support documented: references please?
... and it really does need to keep him there.
You cannot "break out" of shares with "wide links = no".
... Samba is supposed to match Windows semantics in general.
No please, do not dumb it down. Cheers, Paul Paul Szabo psz () maths usyd edu au http://www.maths.usyd.edu.au/u/psz/ School of Mathematics and Statistics University of Sydney Australia
Current thread:
- Samba Remote Zero-Day Exploit Kingcope (Feb 05)
- Re: Samba Remote Zero-Day Exploit Kingcope (Feb 05)
- <Possible follow-ups>
- Re: Samba Remote Zero-Day Exploit paul . szabo (Feb 08)
- Re: [Full-disclosure] Samba Remote Zero-Day Exploit Thierry Zoller (Feb 08)
- Re: Samba Remote Zero-Day Exploit Kingcope (Feb 08)
- Re: Samba Remote Zero-Day Exploit paul . szabo (Feb 08)
- Re: Samba Remote Zero-Day Exploit paul . szabo (Feb 08)
- RE: Samba Remote Zero-Day Exploit David Jacoby (Feb 09)
- Re: Samba Remote Zero-Day Exploit paul . szabo (Feb 08)
- Message not available
- Re: Samba Remote Zero-Day Exploit Stefan Kanthak (Feb 08)
- RE: Samba Remote Zero-Day Exploit Michael Wojcik (Feb 08)
- Re: Samba Remote Zero-Day Exploit Stefan Kanthak (Feb 09)
- RE: Samba Remote Zero-Day Exploit Michael Wojcik (Feb 09)
- Message not available