Full Disclosure mailing list archives
Re: Samba Remote Zero-Day Exploit
From: paul.szabo () sydney edu au
Date: Sat, 6 Feb 2010 09:03:54 +1100
Dear Kingcope, The samba server follows symlinks by default. There are options ("follow symlinks", "wide links") for turning it off: http://www.samba.org/samba/docs/using_samba/ch08.html#samba2-CHP-8-SECT-1.2 http://www.samba.org/samba/docs/man/manpages-3/smb.conf.5.html#FOLLOWSYMLINKS http://www.samba.org/samba/docs/man/manpages-3/smb.conf.5.html#WIDELINKS The "problem" at your installation seems a mis-configuration of your server: please ask the admin to set "secure" options. (Some samba installations, like mine, wish to allow same access as a UNIX login would allow. Some shares like [home] are provided for ease of use, users are encouraged to create symlinks to other "interesting" places e.g. NFS-mounted directories.) Cheers, Paul Paul Szabo psz () maths usyd edu au http://www.maths.usyd.edu.au/u/psz/ School of Mathematics and Statistics University of Sydney Australia _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Samba Remote Zero-Day Exploit Kingcope (Feb 04)
- Re: Samba Remote Zero-Day Exploit Kingcope (Feb 05)
- <Possible follow-ups>
- Re: Samba Remote Zero-Day Exploit paul . szabo (Feb 05)
- Re: Samba Remote Zero-Day Exploit Dan Kaminsky (Feb 05)
- Re: Samba Remote Zero-Day Exploit paul . szabo (Feb 05)
- Re: Samba Remote Zero-Day Exploit Kingcope (Feb 05)
- Re: Samba Remote Zero-Day Exploit paul . szabo (Feb 05)
- Re: Samba Remote Zero-Day Exploit Thierry Zoller (Feb 06)
- Re: Samba Remote Zero-Day Exploit Dan Kaminsky (Feb 05)
- Re: Samba Remote Zero-Day Exploit Stefan Kanthak (Feb 06)
- Re: Samba Remote Zero-Day Exploit Dan Kaminsky (Feb 06)
- Re: Samba Remote Zero-Day Exploit Stefan Kanthak (Feb 08)
- Re: Samba Remote Zero-Day Exploit Dan Kaminsky (Feb 06)
- Re: Samba Remote Zero-Day Exploit Michael Wojcik (Feb 09)