CERTA-2010-AVI-133
Vulnerability from certfr_avis
A vulnerability in the Samba server gives a remote user read access to all files on the server.
Description
The default configuration of the Samba server contains the directive: wide links = yes.
Combined with the clients' Unix extensions and certain permissions on shares, it allows a remote user to access all files present on the server.
Solution
Refer to the vendor's security bulletin to obtain the fixes (see the Documentation section).
Samba versions 3.3.x, 3.4.x and 3.5.x.
{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cp\u003eSamba versions 3.3.x, 3.4.x et 3.5.x.\u003c/p\u003e",
  "content": "## Description\n\nLa configuration par d\u00e9faut du serveur Samba contient la directive\u00a0:\nwide links = yes.\n\nConjugu\u00e9e aux extensions Unix des clients et \u00e0 certains droits sur des\npartages, elle permet \u00e0 un utilisateur distant d\u0027acc\u00e9der \u00e0 tous les\nfichiers pr\u00e9sents sur le serveur.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2010-0926",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0926"
    }
  ],
  "initial_release_date": "2010-03-25T00:00:00",
  "last_revision_date": "2010-03-25T00:00:00",
  "links": [
    {
      "title": "Rapport d\u0027erreur du projet Samba :",
      "url": "http://www.samba.org/samba/news/symlink_attack.html"
    }
  ],
  "reference": "CERTA-2010-AVI-133",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2010-03-25T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 dans le serveur Samba donne \u00e0 un utilisateur distant\nl\u0027acc\u00e8s en lecture \u00e0 tous les fichiers du serveurs.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans Samba",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-918-1 du 24 mars 2010",
      "url": "http://www.ubuntulinux.org/usn/usn-918-1"
    }
  ]
}
  CVE-2010-0926 (GCVE-0-2010-0926)
Vulnerability from cvelistv5
Published: 2010-03-09 19:00
Modified: 2024-08-07 01:06
      
CWE: n/a
 
Summary
The default configuration of smbd in Samba before 3.3.11, 3.4.x before 3.4.6, and 3.5.x before 3.5.0rc3, when a writable share exists, allows remote authenticated users to leverage a directory traversal vulnerability, and access arbitrary files, by using the symlink command in smbclient to create a symlink containing .. (dot dot) sequences, related to the combination of the unix extensions and wide links options.
            
          
        References
          {
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T01:06:52.565Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "[samba-technical] 20100207 Re: Claimed Zero Day exploit in Samba.",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=samba-technical\u0026m=126555346721629\u0026w=2"
          },
          {
            "name": "39317",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/39317"
          },
          {
            "name": "[oss-security] 20100206 Re: Samba symlink 0day flaw",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2010/02/06/3"
          },
          {
            "name": "[samba-technical] 20100206 Re: Claimed Zero Day exploit in Samba.",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=samba-technical\u0026m=126549111204428\u0026w=2"
          },
          {
            "name": "[samba-technical] 20100205 Re: Claimed Zero Day exploit in Samba.",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=samba-technical\u0026m=126540376915283\u0026w=2"
          },
          {
            "name": "[samba-technical] 20100205 Re: Claimed Zero Day exploit in Samba.",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=samba-technical\u0026m=126540539117328\u0026w=2"
          },
          {
            "name": "[oss-security] 20100305 Re: Samba symlink 0day flaw",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2010/03/05/3"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://blog.metasploit.com/2010/02/exploiting-samba-symlink-traversal.html"
          },
          {
            "name": "[samba-technical] 20100205 Re: Claimed Zero Day exploit in Samba.",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=samba-technical\u0026m=126540477016522\u0026w=2"
          },
          {
            "name": "20100204 Re: Samba Remote Zero-Day Exploit",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://archives.neohapsis.com/archives/fulldisclosure/2010-02/0107.html"
          },
          {
            "name": "[samba-technical] 20100205 Re: Claimed Zero Day exploit in Samba.",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=samba-technical\u0026m=126540248613395\u0026w=2"
          },
          {
            "name": "[samba-technical] 20100205 Re: Claimed Zero Day exploit in Samba.",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=samba-technical\u0026m=126540290614053\u0026w=2"
          },
          {
            "name": "20100205 Re: Samba Remote Zero-Day Exploit",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=full-disclosure\u0026m=126538598820903\u0026w=2"
          },
          {
            "name": "[samba-technical] 20100206 Re: Claimed Zero Day exploit in Samba.",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=samba-technical\u0026m=126548356728379\u0026w=2"
          },
          {
            "name": "[oss-security] 20100206 Re: Samba symlink 0day flaw",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=oss-security\u0026m=126545363428745\u0026w=2"
          },
          {
            "name": "[samba-technical] 20100205 Re: Claimed Zero Day exploit in Samba.",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=samba-technical\u0026m=126540475116511\u0026w=2"
          },
          {
            "name": "[samba-technical] 20100205 Claimed Zero Day exploit in Samba.",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=samba-technical\u0026m=126539387432412\u0026w=2"
          },
          {
            "name": "[samba-technical] 20100205 Re: Claimed Zero Day exploit in Samba.",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=samba-technical\u0026m=126540695819735\u0026w=2"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://gitweb.samba.org/?p=samba.git%3Ba=commit%3Bh=bd269443e311d96ef495a9db47d1b95eb83bb8f4"
          },
          {
            "name": "[oss-security] 20100305 Re: Samba symlink 0day flaw",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=oss-security\u0026m=126777580624790\u0026w=2"
          },
          {
            "name": "20100204 Samba Remote Zero-Day Exploit",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://archives.neohapsis.com/archives/fulldisclosure/2010-02/0083.html"
          },
          {
            "name": "SUSE-SR:2010:008",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00001.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.samba.org/samba/news/symlink_attack.html"
          },
          {
            "name": "SUSE-SR:2010:014",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html"
          },
          {
            "name": "[samba-technical] 20100206 Re: Claimed Zero Day exploit in Samba.",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=samba-technical\u0026m=126547903723628\u0026w=2"
          },
          {
            "name": "[samba-technical] 20100205 re: Claimed Zero Day exploit in Samba.",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=samba-technical\u0026m=126540011609753\u0026w=2"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.samba.org/show_bug.cgi?id=7104"
          },
          {
            "name": "[oss-security] 20100205 Samba symlink 0day flaw",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=oss-security\u0026m=126539592603079\u0026w=2"
          },
          {
            "name": "[oss-security] 20100205 Re: Samba symlink 0day flaw",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=oss-security\u0026m=126540733320471\u0026w=2"
          },
          {
            "name": "20100204 Re: Samba Remote Zero-Day Exploit",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://archives.neohapsis.com/archives/fulldisclosure/2010-02/0108.html"
          },
          {
            "name": "[samba-technical] 20100205 Re: Claimed Zero Day exploit in Samba.",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=samba-technical\u0026m=126540608318301\u0026w=2"
          },
          {
            "name": "[samba-technical] 20100205 Re: Claimed Zero Day exploit in Samba.",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=samba-technical\u0026m=126540100511357\u0026w=2"
          },
          {
            "name": "[samba-technical] 20100205 Re: Claimed Zero Day exploit in Samba.",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=samba-technical\u0026m=126540277713815\u0026w=2"
          },
          {
            "name": "[oss-security] 20100205 Re: Samba symlink 0day flaw",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=oss-security\u0026m=126540402215620\u0026w=2"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=562568"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2010-02-04T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The default configuration of smbd in Samba before 3.3.11, 3.4.x before 3.4.6, and 3.5.x before 3.5.0rc3, when a writable share exists, allows remote authenticated users to leverage a directory traversal vulnerability, and access arbitrary files, by using the symlink command in smbclient to create a symlink containing .. (dot dot) sequences, related to the combination of the unix extensions and wide links options."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2010-04-15T09:00:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "[samba-technical] 20100207 Re: Claimed Zero Day exploit in Samba.",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://marc.info/?l=samba-technical\u0026m=126555346721629\u0026w=2"
        },
        {
          "name": "39317",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/39317"
        },
        {
          "name": "[oss-security] 20100206 Re: Samba symlink 0day flaw",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2010/02/06/3"
        },
        {
          "name": "[samba-technical] 20100206 Re: Claimed Zero Day exploit in Samba.",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://marc.info/?l=samba-technical\u0026m=126549111204428\u0026w=2"
        },
        {
          "name": "[samba-technical] 20100205 Re: Claimed Zero Day exploit in Samba.",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://marc.info/?l=samba-technical\u0026m=126540376915283\u0026w=2"
        },
        {
          "name": "[samba-technical] 20100205 Re: Claimed Zero Day exploit in Samba.",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://marc.info/?l=samba-technical\u0026m=126540539117328\u0026w=2"
        },
        {
          "name": "[oss-security] 20100305 Re: Samba symlink 0day flaw",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2010/03/05/3"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://blog.metasploit.com/2010/02/exploiting-samba-symlink-traversal.html"
        },
        {
          "name": "[samba-technical] 20100205 Re: Claimed Zero Day exploit in Samba.",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://marc.info/?l=samba-technical\u0026m=126540477016522\u0026w=2"
        },
        {
          "name": "20100204 Re: Samba Remote Zero-Day Exploit",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://archives.neohapsis.com/archives/fulldisclosure/2010-02/0107.html"
        },
        {
          "name": "[samba-technical] 20100205 Re: Claimed Zero Day exploit in Samba.",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://marc.info/?l=samba-technical\u0026m=126540248613395\u0026w=2"
        },
        {
          "name": "[samba-technical] 20100205 Re: Claimed Zero Day exploit in Samba.",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://marc.info/?l=samba-technical\u0026m=126540290614053\u0026w=2"
        },
        {
          "name": "20100205 Re: Samba Remote Zero-Day Exploit",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://marc.info/?l=full-disclosure\u0026m=126538598820903\u0026w=2"
        },
        {
          "name": "[samba-technical] 20100206 Re: Claimed Zero Day exploit in Samba.",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://marc.info/?l=samba-technical\u0026m=126548356728379\u0026w=2"
        },
        {
          "name": "[oss-security] 20100206 Re: Samba symlink 0day flaw",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://marc.info/?l=oss-security\u0026m=126545363428745\u0026w=2"
        },
        {
          "name": "[samba-technical] 20100205 Re: Claimed Zero Day exploit in Samba.",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://marc.info/?l=samba-technical\u0026m=126540475116511\u0026w=2"
        },
        {
          "name": "[samba-technical] 20100205 Claimed Zero Day exploit in Samba.",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://marc.info/?l=samba-technical\u0026m=126539387432412\u0026w=2"
        },
        {
          "name": "[samba-technical] 20100205 Re: Claimed Zero Day exploit in Samba.",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://marc.info/?l=samba-technical\u0026m=126540695819735\u0026w=2"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://gitweb.samba.org/?p=samba.git%3Ba=commit%3Bh=bd269443e311d96ef495a9db47d1b95eb83bb8f4"
        },
        {
          "name": "[oss-security] 20100305 Re: Samba symlink 0day flaw",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://marc.info/?l=oss-security\u0026m=126777580624790\u0026w=2"
        },
        {
          "name": "20100204 Samba Remote Zero-Day Exploit",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://archives.neohapsis.com/archives/fulldisclosure/2010-02/0083.html"
        },
        {
          "name": "SUSE-SR:2010:008",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00001.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.samba.org/samba/news/symlink_attack.html"
        },
        {
          "name": "SUSE-SR:2010:014",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html"
        },
        {
          "name": "[samba-technical] 20100206 Re: Claimed Zero Day exploit in Samba.",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://marc.info/?l=samba-technical\u0026m=126547903723628\u0026w=2"
        },
        {
          "name": "[samba-technical] 20100205 re: Claimed Zero Day exploit in Samba.",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://marc.info/?l=samba-technical\u0026m=126540011609753\u0026w=2"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.samba.org/show_bug.cgi?id=7104"
        },
        {
          "name": "[oss-security] 20100205 Samba symlink 0day flaw",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://marc.info/?l=oss-security\u0026m=126539592603079\u0026w=2"
        },
        {
          "name": "[oss-security] 20100205 Re: Samba symlink 0day flaw",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://marc.info/?l=oss-security\u0026m=126540733320471\u0026w=2"
        },
        {
          "name": "20100204 Re: Samba Remote Zero-Day Exploit",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://archives.neohapsis.com/archives/fulldisclosure/2010-02/0108.html"
        },
        {
          "name": "[samba-technical] 20100205 Re: Claimed Zero Day exploit in Samba.",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://marc.info/?l=samba-technical\u0026m=126540608318301\u0026w=2"
        },
        {
          "name": "[samba-technical] 20100205 Re: Claimed Zero Day exploit in Samba.",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://marc.info/?l=samba-technical\u0026m=126540100511357\u0026w=2"
        },
        {
          "name": "[samba-technical] 20100205 Re: Claimed Zero Day exploit in Samba.",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://marc.info/?l=samba-technical\u0026m=126540277713815\u0026w=2"
        },
        {
          "name": "[oss-security] 20100205 Re: Samba symlink 0day flaw",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://marc.info/?l=oss-security\u0026m=126540402215620\u0026w=2"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=562568"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2010-0926",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The default configuration of smbd in Samba before 3.3.11, 3.4.x before 3.4.6, and 3.5.x before 3.5.0rc3, when a writable share exists, allows remote authenticated users to leverage a directory traversal vulnerability, and access arbitrary files, by using the symlink command in smbclient to create a symlink containing .. (dot dot) sequences, related to the combination of the unix extensions and wide links options."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "[samba-technical] 20100207 Re: Claimed Zero Day exploit in Samba.",
              "refsource": "MLIST",
              "url": "http://marc.info/?l=samba-technical\u0026m=126555346721629\u0026w=2"
            },
            {
              "name": "39317",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/39317"
            },
            {
              "name": "[oss-security] 20100206 Re: Samba symlink 0day flaw",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2010/02/06/3"
            },
            {
              "name": "[samba-technical] 20100206 Re: Claimed Zero Day exploit in Samba.",
              "refsource": "MLIST",
              "url": "http://marc.info/?l=samba-technical\u0026m=126549111204428\u0026w=2"
            },
            {
              "name": "[samba-technical] 20100205 Re: Claimed Zero Day exploit in Samba.",
              "refsource": "MLIST",
              "url": "http://marc.info/?l=samba-technical\u0026m=126540376915283\u0026w=2"
            },
            {
              "name": "[samba-technical] 20100205 Re: Claimed Zero Day exploit in Samba.",
              "refsource": "MLIST",
              "url": "http://marc.info/?l=samba-technical\u0026m=126540539117328\u0026w=2"
            },
            {
              "name": "[oss-security] 20100305 Re: Samba symlink 0day flaw",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2010/03/05/3"
            },
            {
              "name": "http://blog.metasploit.com/2010/02/exploiting-samba-symlink-traversal.html",
              "refsource": "MISC",
              "url": "http://blog.metasploit.com/2010/02/exploiting-samba-symlink-traversal.html"
            },
            {
              "name": "[samba-technical] 20100205 Re: Claimed Zero Day exploit in Samba.",
              "refsource": "MLIST",
              "url": "http://marc.info/?l=samba-technical\u0026m=126540477016522\u0026w=2"
            },
            {
              "name": "20100204 Re: Samba Remote Zero-Day Exploit",
              "refsource": "FULLDISC",
              "url": "http://archives.neohapsis.com/archives/fulldisclosure/2010-02/0107.html"
            },
            {
              "name": "[samba-technical] 20100205 Re: Claimed Zero Day exploit in Samba.",
              "refsource": "MLIST",
              "url": "http://marc.info/?l=samba-technical\u0026m=126540248613395\u0026w=2"
            },
            {
              "name": "[samba-technical] 20100205 Re: Claimed Zero Day exploit in Samba.",
              "refsource": "MLIST",
              "url": "http://marc.info/?l=samba-technical\u0026m=126540290614053\u0026w=2"
            },
            {
              "name": "20100205 Re: Samba Remote Zero-Day Exploit",
              "refsource": "FULLDISC",
              "url": "http://marc.info/?l=full-disclosure\u0026m=126538598820903\u0026w=2"
            },
            {
              "name": "[samba-technical] 20100206 Re: Claimed Zero Day exploit in Samba.",
              "refsource": "MLIST",
              "url": "http://marc.info/?l=samba-technical\u0026m=126548356728379\u0026w=2"
            },
            {
              "name": "[oss-security] 20100206 Re: Samba symlink 0day flaw",
              "refsource": "MLIST",
              "url": "http://marc.info/?l=oss-security\u0026m=126545363428745\u0026w=2"
            },
            {
              "name": "[samba-technical] 20100205 Re: Claimed Zero Day exploit in Samba.",
              "refsource": "MLIST",
              "url": "http://marc.info/?l=samba-technical\u0026m=126540475116511\u0026w=2"
            },
            {
              "name": "[samba-technical] 20100205 Claimed Zero Day exploit in Samba.",
              "refsource": "MLIST",
              "url": "http://marc.info/?l=samba-technical\u0026m=126539387432412\u0026w=2"
            },
            {
              "name": "[samba-technical] 20100205 Re: Claimed Zero Day exploit in Samba.",
              "refsource": "MLIST",
              "url": "http://marc.info/?l=samba-technical\u0026m=126540695819735\u0026w=2"
            },
            {
              "name": "http://gitweb.samba.org/?p=samba.git;a=commit;h=bd269443e311d96ef495a9db47d1b95eb83bb8f4",
              "refsource": "CONFIRM",
              "url": "http://gitweb.samba.org/?p=samba.git;a=commit;h=bd269443e311d96ef495a9db47d1b95eb83bb8f4"
            },
            {
              "name": "[oss-security] 20100305 Re: Samba symlink 0day flaw",
              "refsource": "MLIST",
              "url": "http://marc.info/?l=oss-security\u0026m=126777580624790\u0026w=2"
            },
            {
              "name": "20100204 Samba Remote Zero-Day Exploit",
              "refsource": "FULLDISC",
              "url": "http://archives.neohapsis.com/archives/fulldisclosure/2010-02/0083.html"
            },
            {
              "name": "SUSE-SR:2010:008",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00001.html"
            },
            {
              "name": "http://www.samba.org/samba/news/symlink_attack.html",
              "refsource": "CONFIRM",
              "url": "http://www.samba.org/samba/news/symlink_attack.html"
            },
            {
              "name": "SUSE-SR:2010:014",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html"
            },
            {
              "name": "[samba-technical] 20100206 Re: Claimed Zero Day exploit in Samba.",
              "refsource": "MLIST",
              "url": "http://marc.info/?l=samba-technical\u0026m=126547903723628\u0026w=2"
            },
            {
              "name": "[samba-technical] 20100205 re: Claimed Zero Day exploit in Samba.",
              "refsource": "MLIST",
              "url": "http://marc.info/?l=samba-technical\u0026m=126540011609753\u0026w=2"
            },
            {
              "name": "https://bugzilla.samba.org/show_bug.cgi?id=7104",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.samba.org/show_bug.cgi?id=7104"
            },
            {
              "name": "[oss-security] 20100205 Samba symlink 0day flaw",
              "refsource": "MLIST",
              "url": "http://marc.info/?l=oss-security\u0026m=126539592603079\u0026w=2"
            },
            {
              "name": "[oss-security] 20100205 Re: Samba symlink 0day flaw",
              "refsource": "MLIST",
              "url": "http://marc.info/?l=oss-security\u0026m=126540733320471\u0026w=2"
            },
            {
              "name": "20100204 Re: Samba Remote Zero-Day Exploit",
              "refsource": "FULLDISC",
              "url": "http://archives.neohapsis.com/archives/fulldisclosure/2010-02/0108.html"
            },
            {
              "name": "[samba-technical] 20100205 Re: Claimed Zero Day exploit in Samba.",
              "refsource": "MLIST",
              "url": "http://marc.info/?l=samba-technical\u0026m=126540608318301\u0026w=2"
            },
            {
              "name": "[samba-technical] 20100205 Re: Claimed Zero Day exploit in Samba.",
              "refsource": "MLIST",
              "url": "http://marc.info/?l=samba-technical\u0026m=126540100511357\u0026w=2"
            },
            {
              "name": "[samba-technical] 20100205 Re: Claimed Zero Day exploit in Samba.",
              "refsource": "MLIST",
              "url": "http://marc.info/?l=samba-technical\u0026m=126540277713815\u0026w=2"
            },
            {
              "name": "[oss-security] 20100205 Re: Samba symlink 0day flaw",
              "refsource": "MLIST",
              "url": "http://marc.info/?l=oss-security\u0026m=126540402215620\u0026w=2"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=562568",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=562568"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2010-0926",
    "datePublished": "2010-03-09T19:00:00",
    "dateReserved": "2010-03-05T00:00:00",
    "dateUpdated": "2024-08-07T01:06:52.565Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}
Sightings
| Author | Source | Type | Date |
|---|---|---|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
 