
Pardus alert 2010-32 (samba)

From:  Eren Turkay <eren@pardus.org.tr>
To:  pardus-security@pardus.org.tr
Subject:  [Pardus-security] [PLSA 2010-32] Samba: Insecure wide links Default Configuration Weakness
Date:  Sun, 14 Feb 2010 14:18:36 +0200 (EET)
Message-ID:  <20100214121836.716D3A7AB99@lider.pardus.org.tr>

------------------------------------------------------------------------
Pardus Linux Security Advisory 2010-32            security@pardus.org.tr
------------------------------------------------------------------------
       Date: 2010-02-14
   Severity: 4
       Type: Remote
------------------------------------------------------------------------

Summary
=======

Kingcope has discovered a weakness in Samba, which can be exploited by
malicious people to bypass certain security restrictions and disclose
sensitive information.


Description
===========

The weakness is caused by the insecure "wide links" option being enabled
by default, which allows the creation of symlinks to directories placed
outside a writable share. This can be exploited to gain read and write
access to restricted directories with the privileges of e.g. the guest
account user via directory traversal attacks.

Successful exploitation without authentication requires that a public
writable share is exported and that the option "wide links" is set to
"yes" (default).


Affected packages:

  Pardus 2009:
    samba, all before 3.3.10-51-12


Resolution
==========

There are update(s) for samba. You can update them via Package Manager
or with a single command from console:

    pisi up samba


References
==========

  * http://bugs.pardus.org.tr/show_bug.cgi?id=12228
  * http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=568493
  * http://marc.info/?l=samba-technical&m=126539387432412...

------------------------------------------------------------------------

_______________________________________________
Pardus-security mailing list
Pardus-security@pardus.org.tr
http://liste.pardus.org.tr/mailman/listinfo/pardus-security
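
An added example (not part of the Pardus advisory and not Samba's own code): a Python check that flags shares in an smb.conf meeting the preconditions described above, i.e. a guest-accessible, writable share with "wide links" left enabled. The sample configuration is constructed; the check assumes Samba's stock defaults for "guest ok" and "read only", takes the "wide links" default from the advisory, and does not follow include or copy directives.

```python
# Constructed sample configuration, not taken from the advisory.
SAMPLE_CONF = """\
[global]
   workgroup = EXAMPLE
[incoming]
   guest ok = yes
   writable = yes
[dropbox]
   public = yes
   read only = no
   wide links = no
[docs]
   guest ok = yes
"""

TRUE = {"yes", "true", "1"}
# smb.conf synonyms -> (canonical name, value is inverted)
ALIASES = {"public": ("guestok", False), "writable": ("readonly", True),
           "writeable": ("readonly", True), "writeok": ("readonly", True)}
# Defaults assumed here: "wide links = yes" is the default the advisory describes.
DEFAULTS = {"guestok": False, "readonly": True, "widelinks": True}

def parse(text):
    """Return {section: {param: bool}} for the three parameters checked.

    Samba ignores case and whitespace in parameter names, so keys are normalised.
    """
    conf, cur = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            cur = conf.setdefault(line[1:-1].strip().lower(), {})
        elif "=" in line and cur is not None:
            key, val = line.split("=", 1)
            key = "".join(key.lower().split())
            name, invert = ALIASES.get(key, (key, False))
            if name in DEFAULTS:
                cur[name] = (val.strip().lower() in TRUE) != invert
    return conf

def risky_shares(text):
    """List shares that are guest-accessible, writable and keep wide links on."""
    conf = parse(text)
    base = {**DEFAULTS, **conf.pop("global", {})}  # [global] overrides defaults
    hits = []
    for name, share in conf.items():
        eff = {**base, **share}  # share-level settings override [global]
        if eff["guestok"] and not eff["readonly"] and eff["widelinks"]:
            hits.append(name)
    return hits
```

On the constructed sample only `incoming` is reported: `dropbox` sets "wide links = no" and `docs` is read-only by default.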

