Claimed Zero Day exploit in Samba.
tombork at web.de
Fri Feb 5 14:52:01 MST 2010
Jeremy Allison wrote:
> The problem occurs as Samba allows clients using the UNIX
> extensions (which are also turned on by default) to create
> symlinks on remotely mounted shares on which they have write
> access that point to any path on the file system.
But this is not possible if 'unix extensions = no' is set on the server
side, is it?
> This is by design, as applications running on UNIX clients
> may have good reasons to create symlinks anywhere on the
> filesystem they have write access that point to local files
> (such as /etc/passwd).
> UNIX clients will resolve these links locally, but Windows
> clients will resolve them on the server. It is this combination
> that causes the problem.
I think it is a nice feature to symlink to areas outside a share,
because I don't have to double the data.
If
'wide links = yes'
'unix extensions = no'
are set on the server side, this cannot be exploited, correct?
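
Added example, not part of the original message or of Samba's own code: a small audit that reads smb.conf text and lists the shares where 'wide links' is in effect while 'unix extensions' is enabled, the combination discussed in the thread. The function names, the sample configuration and the `wide_links_default` parameter are assumptions made for illustration; set that parameter to the default of the Samba version being audited.

```python
import re

TRUE = {"yes", "true", "1", "on"}

# Constructed sample configuration, for illustration only.
SAMPLE = """
[global]
   unix extensions = yes
[projects]
   path = /srv/projects
   wide links = yes
[archive]
   path = /srv/archive
   Wide Links = No
[scratch]
   path = /srv/scratch
"""

def parse_smb_conf(text):
    """Return {section: {option: value}}; option names ignore case and spaces."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":      # blank line or comment
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            current = sections.setdefault(header.group(1).strip().lower(), {})
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            current[re.sub(r"\s+", "", key).lower()] = value.strip().lower()
    return sections

def risky_shares(text, wide_links_default=True):
    """Shares with 'wide links' effective while 'unix extensions' is on.
    Write access to the share is not evaluated here."""
    conf = parse_smb_conf(text)
    glob = conf.get("global", {})
    # 'unix extensions' is a global option, on by default per the quoted text.
    if glob.get("unixextensions", "yes") not in TRUE:
        return []
    fallback = glob.get("widelinks", "yes" if wide_links_default else "no")
    return [name for name, opts in conf.items()
            if name != "global" and opts.get("widelinks", fallback) in TRUE]

if __name__ == "__main__":
    for share in risky_shares(SAMPLE):
        print("review share:", share)
```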