CVE-2010-0926
Severity CVSS v4.0:
Pending analysis
Type:
CWE-22
Path Traversal
Publication date:
10/03/2010
Last modified:
11/04/2025
Description
The default configuration of smbd in Samba before 3.3.11, 3.4.x before 3.4.6, and 3.5.x before 3.5.0rc3, when a writable share exists, allows remote authenticated users to leverage a directory traversal vulnerability, and access arbitrary files, by using the symlink command in smbclient to create a symlink containing .. (dot dot) sequences, related to the combination of the unix extensions and wide links options.
Impact
Base Score 2.0
3.50
Severity 2.0
LOW
Vulnerable products and versions
CPE | From | Up to |
---|---|---|
cpe:2.3:a:samba:samba:3.3.0:*:*:*:*:*:*:* | ||
cpe:2.3:a:samba:samba:3.3.1:*:*:*:*:*:*:* | ||
cpe:2.3:a:samba:samba:3.3.2:*:*:*:*:*:*:* | ||
cpe:2.3:a:samba:samba:3.3.3:*:*:*:*:*:*:* | ||
cpe:2.3:a:samba:samba:3.3.4:*:*:*:*:*:*:* | ||
cpe:2.3:a:samba:samba:3.3.5:*:*:*:*:*:*:* | ||
cpe:2.3:a:samba:samba:3.3.6:*:*:*:*:*:*:* | ||
cpe:2.3:a:samba:samba:3.3.7:*:*:*:*:*:*:* | ||
cpe:2.3:a:samba:samba:3.3.8:*:*:*:*:*:*:* | ||
cpe:2.3:a:samba:samba:3.3.9:*:*:*:*:*:*:* | ||
cpe:2.3:a:samba:samba:3.3.10:*:*:*:*:*:*:* | ||
cpe:2.3:a:samba:samba:3.4.0:*:*:*:*:*:*:* | ||
cpe:2.3:a:samba:samba:3.4.1:*:*:*:*:*:*:* | ||
cpe:2.3:a:samba:samba:3.4.2:*:*:*:*:*:*:* | ||
cpe:2.3:a:samba:samba:3.4.3:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://archives.neohapsis.com/archives/fulldisclosure/2010-02/0083.html
- http://archives.neohapsis.com/archives/fulldisclosure/2010-02/0107.html
- http://archives.neohapsis.com/archives/fulldisclosure/2010-02/0108.html
- http://blog.metasploit.com/2010/02/exploiting-samba-symlink-traversal.html
- http://gitweb.samba.org/?p=samba.git%3Ba%3Dcommit%3Bh%3Dbd269443e311d96ef495a9db47d1b95eb83bb8f4
- http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00001.html
- http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html
- http://marc.info/?l=full-disclosure&m=126538598820903&w=2
- http://marc.info/?l=oss-security&m=126539592603079&w=2
- http://marc.info/?l=oss-security&m=126540402215620&w=2
- http://marc.info/?l=oss-security&m=126540733320471&w=2
- http://marc.info/?l=oss-security&m=126545363428745&w=2
- http://marc.info/?l=oss-security&m=126777580624790&w=2
- http://marc.info/?l=samba-technical&m=126539387432412&w=2
- http://marc.info/?l=samba-technical&m=126540011609753&w=2
- http://marc.info/?l=samba-technical&m=126540100511357&w=2
- http://marc.info/?l=samba-technical&m=126540248613395&w=2
- http://marc.info/?l=samba-technical&m=126540277713815&w=2
- http://marc.info/?l=samba-technical&m=126540290614053&w=2
- http://marc.info/?l=samba-technical&m=126540376915283&w=2
- http://marc.info/?l=samba-technical&m=126540475116511&w=2
- http://marc.info/?l=samba-technical&m=126540477016522&w=2
- http://marc.info/?l=samba-technical&m=126540539117328&w=2
- http://marc.info/?l=samba-technical&m=126540608318301&w=2
- http://marc.info/?l=samba-technical&m=126540695819735&w=2
- http://marc.info/?l=samba-technical&m=126547903723628&w=2
- http://marc.info/?l=samba-technical&m=126548356728379&w=2
- http://marc.info/?l=samba-technical&m=126549111204428&w=2
- http://marc.info/?l=samba-technical&m=126555346721629&w=2
- http://secunia.com/advisories/39317
- http://www.openwall.com/lists/oss-security/2010/02/06/3
- http://www.openwall.com/lists/oss-security/2010/03/05/3
- http://www.samba.org/samba/news/symlink_attack.html
- https://bugzilla.redhat.com/show_bug.cgi?id=562568
- https://bugzilla.samba.org/show_bug.cgi?id=7104
- http://archives.neohapsis.com/archives/fulldisclosure/2010-02/0083.html
- http://archives.neohapsis.com/archives/fulldisclosure/2010-02/0107.html
- http://archives.neohapsis.com/archives/fulldisclosure/2010-02/0108.html
- http://blog.metasploit.com/2010/02/exploiting-samba-symlink-traversal.html
- http://gitweb.samba.org/?p=samba.git%3Ba%3Dcommit%3Bh%3Dbd269443e311d96ef495a9db47d1b95eb83bb8f4
- http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00001.html
- http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html
- http://marc.info/?l=full-disclosure&m=126538598820903&w=2
- http://marc.info/?l=oss-security&m=126539592603079&w=2
- http://marc.info/?l=oss-security&m=126540402215620&w=2
- http://marc.info/?l=oss-security&m=126540733320471&w=2
- http://marc.info/?l=oss-security&m=126545363428745&w=2
- http://marc.info/?l=oss-security&m=126777580624790&w=2
- http://marc.info/?l=samba-technical&m=126539387432412&w=2
- http://marc.info/?l=samba-technical&m=126540011609753&w=2
- http://marc.info/?l=samba-technical&m=126540100511357&w=2
- http://marc.info/?l=samba-technical&m=126540248613395&w=2
- http://marc.info/?l=samba-technical&m=126540277713815&w=2
- http://marc.info/?l=samba-technical&m=126540290614053&w=2
- http://marc.info/?l=samba-technical&m=126540376915283&w=2
- http://marc.info/?l=samba-technical&m=126540475116511&w=2
- http://marc.info/?l=samba-technical&m=126540477016522&w=2
- http://marc.info/?l=samba-technical&m=126540539117328&w=2
- http://marc.info/?l=samba-technical&m=126540608318301&w=2
- http://marc.info/?l=samba-technical&m=126540695819735&w=2
- http://marc.info/?l=samba-technical&m=126547903723628&w=2
- http://marc.info/?l=samba-technical&m=126548356728379&w=2
- http://marc.info/?l=samba-technical&m=126549111204428&w=2
- http://marc.info/?l=samba-technical&m=126555346721629&w=2
- http://secunia.com/advisories/39317
- http://www.openwall.com/lists/oss-security/2010/02/06/3
- http://www.openwall.com/lists/oss-security/2010/03/05/3
- http://www.samba.org/samba/news/symlink_attack.html
- https://bugzilla.redhat.com/show_bug.cgi?id=562568
- https://bugzilla.samba.org/show_bug.cgi?id=7104