Full Disclosure mailing list archives
Re: Samba Remote Zero-Day Exploit
From: paul.szabo () sydney edu au
Date: Sat, 6 Feb 2010 09:43:58 +1100
Dear Dan,
The bug here is that out-of-path symlinks are remotely writable. ...
You mean "creatable".
... the fact that he can *generate* the symlink breaks ...
Nothing breaks if the admin sets "wide links = no" for that share: the link is not followed.
But Samba supports dropping a user into a path ...
I never noticed such support documented: references please?
... and it really does need to keep him there.
You cannot "break out" of shares with "wide links = no".
... Samba is supposed to match Windows semantics in general.
No please, do not dumb it down. Cheers, Paul Paul Szabo psz () maths usyd edu au http://www.maths.usyd.edu.au/u/psz/ School of Mathematics and Statistics University of Sydney Australia _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Samba Remote Zero-Day Exploit Kingcope (Feb 04)
- Re: Samba Remote Zero-Day Exploit Kingcope (Feb 05)
- <Possible follow-ups>
- Re: Samba Remote Zero-Day Exploit paul . szabo (Feb 05)
- Re: Samba Remote Zero-Day Exploit Dan Kaminsky (Feb 05)
- Re: Samba Remote Zero-Day Exploit paul . szabo (Feb 05)
- Re: Samba Remote Zero-Day Exploit Kingcope (Feb 05)
- Re: Samba Remote Zero-Day Exploit paul . szabo (Feb 05)
- Re: Samba Remote Zero-Day Exploit Thierry Zoller (Feb 06)
- Re: Samba Remote Zero-Day Exploit Dan Kaminsky (Feb 05)
- Re: Samba Remote Zero-Day Exploit Stefan Kanthak (Feb 06)
- Re: Samba Remote Zero-Day Exploit Dan Kaminsky (Feb 06)
- Re: Samba Remote Zero-Day Exploit Stefan Kanthak (Feb 08)
- Re: Samba Remote Zero-Day Exploit Dan Kaminsky (Feb 06)
- Re: Samba Remote Zero-Day Exploit Michael Wojcik (Feb 09)
- Re: Samba Remote Zero-Day Exploit Stefan Kanthak (Feb 09)
- Re: Samba Remote Zero-Day Exploit Michael Wojcik (Feb 09)