|
Full Disclosure
mailing list archives
Re: Samba Remote Zero-Day Exploit
From: paul.szabo () sydney edu au
Date: Sat, 6 Feb 2010 09:43:58 +1100
Dear Dan,
The bug here is that out-of-path symlinks are remotely writable. ...
You mean "creatable".
... the fact that he can *generate* the symlink breaks ...
Nothing breaks if the admin sets "wide links = no" for that share: the
link is not followed.
But Samba supports dropping a user into a path ...
I never noticed such support documented: references please?
... and it really does need to keep him there.
You cannot "break out" of shares with "wide links = no".
... Samba is supposed to match Windows semantics in general.
No please, do not dumb it down.
Cheers, Paul
Paul Szabo psz () maths usyd edu au http://www.maths.usyd.edu.au/u/psz/
School of Mathematics and Statistics University of Sydney Australia
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
 By Date 
By Thread
Current thread:
(Thread continues...)
| 
