mailing list archives
Re: Samba Remote Zero-Day Exploit
From: paul.szabo () sydney edu au
Date: Sat, 6 Feb 2010 09:43:58 +1100
The bug here is that out-of-path symlinks are remotely writable. ...
You mean "creatable".
... the fact that he can *generate* the symlink breaks ...
Nothing breaks if the admin sets "wide links = no" for that share: the
link is not followed.
But Samba supports dropping a user into a path ...
I never noticed such support documented: references please?
... and it really does need to keep him there.
You cannot "break out" of shares with "wide links = no".
... Samba is supposed to match Windows semantics in general.
No please, do not dumb it down.
Paul Szabo psz () maths usyd edu au http://www.maths.usyd.edu.au/u/psz/
School of Mathematics and Statistics University of Sydney Australia
Full-Disclosure - We believe in it.
Hosted and sponsored by Secunia - http://secunia.com/