Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
3.5
CVSSv2

CVE-2010-0926

Published: 10/03/2010 Updated: 07/11/2023
CVSS v2 Base Score: 3.5 | Impact Score: 2.9 | Exploitability Score: 6.8
VMScore: 361
Vector: AV:N/AC:M/Au:S/C:P/I:N/A:N
Subscribe to Samba

Vulnerability Summary

The default configuration of smbd in Samba prior to 3.3.11, 3.4.x prior to 3.4.6, and 3.5.x prior to 3.5.0rc3, when a writable share exists, allows remote authenticated users to leverage a directory traversal vulnerability, and access arbitrary files, by using the symlink command in smbclient to create a symlink containing .. (dot dot) sequences, related to the combination of the unix extensions and wide links options.

Vulnerable Product Search on Vulmon Subscribe to Product

samba samba 3.3.3

samba samba 3.4.2

samba samba 3.4.0

samba samba 3.3.9

samba samba 3.4.5

samba samba 3.3.4

samba samba 3.3.7

samba samba 3.4.1

samba samba 3.3.1

samba samba 3.3.0

samba samba 3.3.6

samba samba 3.5.0

samba samba 3.3.2

samba samba 3.4.4

samba samba 3.4.3

samba samba 3.3.8

samba samba 3.3.5

samba samba 3.3.10

Vendor Advisories

Red Hat: Low: samba security, bug fix, and enhancement update
Synopsis Low: samba security, bug fix, and enhancement update Type/Severity Security Advisory: Low Topic Updated samba packages that fix one security issue, one bug, and add oneenhancement are now available for Red Hat Enterprise Linux 5The Red Hat Security Response Team has rated this update as having low ...
Ubuntu Security Notice: samba vulnerability
It was discovered the Samba handled symlinks in an unexpected way when both “wide links” and “UNIX extensions” were enabled, which is the default A remote attacker could create symlinks and access arbitrary files from the server ...

Exploits

Exploit DB: Samba 3.4.5 - Symlink Directory Traversal (Metasploit)
source: wwwsecurityfocuscom/bid/38111/info Samba is prone to a directory-traversal vulnerability because the application fails to sufficiently sanitize user-supplied input Exploits would allow an attacker to access files outside of the Samba user's root directory to obtain sensitive information and perform other attacks To exploit thi ...
Exploit DB: Samba 3.4.5 - Symlink Directory Traversal
source: wwwsecurityfocuscom/bid/38111/info Samba is prone to a directory-traversal vulnerability because the application fails to sufficiently sanitize user-supplied input Exploits would allow an attacker to access files outside of the Samba user's root directory to obtain sensitive information and perform other attacks To exploit ...

Github Repositories

https://github.com/kezzyhko/vulnsamba

Vulnerable samba versions and exploits, wrapped in docker containers

vulnsamba This repo contains proof of concept exploits for 2 CVEs on old versions of samba For each CVE, there are two docker containers: victim and attacker Table of contents CVE-2010-0926 Information and links Containers description Instructions to reproduce CVE-2017-2619 Information and links Containers description Instructions to reproduce CVE-2010-0926 Informatio

https://github.com/pedroarias1015/oscp

Recursos de utilidad para el examen y laboratorio del OSCP

OSCP Este repositorio incluye distintas utilidades de cara a la preparación y obtención de la certificación OSCP Para utilizarlo adecuadamente se debe exportar la ruta raiz del repositorio al clonar el repositorio echo export OSCP=$PWD >> /root/bashrc Reconocimiento githubcom/pedroarias1015/oscp/tree/master/reconocimiento Explotacio

References

CWE-22http://www.openwall.com/lists/oss-security/2010/02/06/3http://marc.info/?l=samba-technical&m=126547903723628&w=2http://marc.info/?l=samba-technical&m=126540608318301&w=2http://marc.info/?l=samba-technical&m=126540277713815&w=2http://marc.info/?l=samba-technical&m=126540011609753&w=2https://bugzilla.redhat.com/show_bug.cgi?id=562568http://marc.info/?l=samba-technical&m=126540695819735&w=2http://marc.info/?l=samba-technical&m=126548356728379&w=2http://marc.info/?l=samba-technical&m=126555346721629&w=2http://marc.info/?l=samba-technical&m=126540539117328&w=2http://marc.info/?l=full-disclosure&m=126538598820903&w=2https://bugzilla.samba.org/show_bug.cgi?id=7104http://marc.info/?l=samba-technical&m=126540290614053&w=2http://www.samba.org/samba/news/symlink_attack.htmlhttp://blog.metasploit.com/2010/02/exploiting-samba-symlink-traversal.htmlhttp://marc.info/?l=oss-security&m=126777580624790&w=2http://www.openwall.com/lists/oss-security/2010/03/05/3http://marc.info/?l=samba-technical&m=126540475116511&w=2http://marc.info/?l=samba-technical&m=126549111204428&w=2http://archives.neohapsis.com/archives/fulldisclosure/2010-02/0083.htmlhttp://marc.info/?l=samba-technical&m=126540100511357&w=2http://marc.info/?l=oss-security&m=126545363428745&w=2http://marc.info/?l=oss-security&m=126539592603079&w=2http://marc.info/?l=samba-technical&m=126540477016522&w=2http://archives.neohapsis.com/archives/fulldisclosure/2010-02/0108.htmlhttp://marc.info/?l=oss-security&m=126540733320471&w=2http://marc.info/?l=samba-technical&m=126539387432412&w=2http://marc.info/?l=samba-technical&m=126540248613395&w=2http://marc.info/?l=oss-security&m=126540402215620&w=2http://archives.neohapsis.com/archives/fulldisclosure/2010-02/0107.htmlhttp://marc.info/?l=samba-technical&m=126540376915283&w=2http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00001.htmlhttp://secunia.com/advisories/39317http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.htmlhttp://gitweb.samba.org/?p=samba.git%3Ba=commit%3Bh=bd269443e311d96ef495a9db47d1b95eb83bb8f4https://access.redhat.com/errata/RHSA-2012:0313https://usn.ubuntu.com/918-1/https://nvd.nist.govhttps://www.exploit-db.com/exploits/33598/
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-7028memory leaklog injectionCVE-2024-3400CVE-2022-48695CVE-2022-48675CVE-2024-34487CVE-2024-33792spoof
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook