[SCM] Samba Website Repository - branch master updated
Lars Müller
lmuelle at samba.org
Mon Aug 22 12:19:47 MDT 2011
The branch, master has been updated
via e74f8af Make this news look like the 3.6 announcement
from 86a766e Make the photos from sentence more simple
http://gitweb.samba.org/?p=samba-web.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit e74f8afbe54d2549539f599abbbe254a50f2b2f4
Author: Lars Müller <lars at samba.org>
Date: Mon Aug 22 20:18:53 2011 +0200
Make this news look like the 3.6 announcement
-----------------------------------------------------------------------
Summary of changes:
news/symlink_attack.html | 13 ++++++++-----
1 files changed, 8 insertions(+), 5 deletions(-)
Changeset truncated at 500 lines:
diff --git a/news/symlink_attack.html b/news/symlink_attack.html
index abe71fb..4b27b6d 100644
--- a/news/symlink_attack.html
+++ b/news/symlink_attack.html
@@ -3,8 +3,9 @@
<!--#include virtual="/samba/header_columns.html" -->
-<h4>5 February 2010</h4>
- <p class="headline">Claimed Zero Day exploit in Samba</p>
+<h2>Claimed Zero Day exploit in Samba</h2>
+
+<p>February 5th 2010</p>
<p>A user named "kcopedarookie" posted what they claim to be a video
of a
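Review bot: The replacement for the date line, `<p>February 5th 2010</p>`, is an unclassed paragraph, and the heading loses `class="headline"` when it becomes an `<h2>`, so any stylesheet rule keyed on the `headline` class or on the old `<h4>` date no longer applies to this page. Since the date is what tells a reader how old this advisory is, consider giving the date paragraph a class shared with the other announcement pages so it stays visually tied to the heading, and confirm the stylesheet has matching rules for `h2` on news pages.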
@@ -17,17 +18,17 @@ in Samba</a> on youtube yesterday.</p>
<p>The issue is actually a default insecure configuration
in Samba.</p>
-<h5>Quick FAQ: What do I do !</h5>
+<h3>Quick FAQ: What do I do !</h3>
<p>Set:</p>
<pre>
wide links = no
</pre>
+<p></p>
<p>in the [global] section of your smb.conf and restart
smbd to eliminate this problem.</p>
-<p></p>
-<h5>Longer FAQ: The real issue</h5>
+<h3>Longer FAQ: The real issue</h3>
<p>The problem comes from a combination of two features in Samba, each
of which on their own are useful to Administrators, but in combination
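Review bot: The `<p></p>` added after the `</pre>` that holds `wide links = no` sits in the middle of a single instruction ("Set: ... in the [global] section of your smb.conf and restart smbd"), so the setting is separated from the text that says where it goes and that smbd must be restarted. An empty paragraph also usually renders with no height, so it may not add the spacing intended. Prefer dropping the empty element and spacing the `<pre>` from the stylesheet, keeping the remediation reading as one step. While the heading line is being touched, "What do I do !" has a stray space before the exclamation mark.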
@@ -47,12 +48,14 @@ inside an exported share which SMB/CIFS clients will follow.</p>
guest ok = yes
</pre>
+<p></p>
<p>The administrator could add a symlink:</p>
<pre>
$ ln -s /etc/passwd /tmp/passwd
</pre>
+<p></p>
<p>and SMB/CIFS clients would then see a file called "passwd" within
the [tmp] share that could be read and would allow clients to read
/etc/passwd.</p>
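Review bot: Two more empty `<p></p>` spacers are added here, one before "The administrator could add a symlink:" and one before the lowercase continuation "and SMB/CIFS clients would then see", which makes three hand-placed spacers in this one file. The second one detaches the `ln -s /etc/passwd /tmp/passwd` example from the sentence that explains its effect. A single margin rule for `pre` in the site stylesheet would give the same layout on every news page without repeating empty elements in the markup.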
--
Samba Website Repository