Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CERTA-2010-AVI-133
Vulnerability from certfr_avis - Published: - Updated:
Une vulnérabilité dans le serveur Samba donne à un utilisateur distant l'accès en lecture à tous les fichiers du serveurs.
Description
La configuration par défaut du serveur Samba contient la directive : wide links = yes.
Conjuguée aux extensions Unix des clients et à certains droits sur des partages, elle permet à un utilisateur distant d'accéder à tous les fichiers présents sur le serveur.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Samba versions 3.3.x, 3.4.x et 3.5.x.
Impacted products
| Vendor | Product | Description |
|---|
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [],
"affected_systems_content": "\u003cp\u003eSamba versions 3.3.x, 3.4.x et 3.5.x.\u003c/p\u003e",
"content": "## Description\n\nLa configuration par d\u00e9faut du serveur Samba contient la directive\u00a0:\nwide links = yes.\n\nConjugu\u00e9e aux extensions Unix des clients et \u00e0 certains droits sur des\npartages, elle permet \u00e0 un utilisateur distant d\u0027acc\u00e9der \u00e0 tous les\nfichiers pr\u00e9sents sur le serveur.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2010-0926",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-0926"
}
],
"links": [
{
"title": "Rapport d\u0027erreur du projet Samba :",
"url": "http://www.samba.org/samba/news/symlink_attack.html"
}
],
"reference": "CERTA-2010-AVI-133",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2010-03-25T00:00:00.000000"
}
],
"risks": [
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 dans le serveur Samba donne \u00e0 un utilisateur distant\nl\u0027acc\u00e8s en lecture \u00e0 tous les fichiers du serveurs.\n",
"title": "Vuln\u00e9rabilit\u00e9 dans Samba",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-918-1 du 24 mars 2010",
"url": "http://www.ubuntulinux.org/usn/usn-918-1"
}
]
}
CVE-2010-0926 (GCVE-0-2010-0926)
Vulnerability from cvelistv5 – Published: 2010-03-09 19:00 – Updated: 2024-08-07 01:06
VLAI?
EPSS
Summary
The default configuration of smbd in Samba before 3.3.11, 3.4.x before 3.4.6, and 3.5.x before 3.5.0rc3, when a writable share exists, allows remote authenticated users to leverage a directory traversal vulnerability, and access arbitrary files, by using the symlink command in smbclient to create a symlink containing .. (dot dot) sequences, related to the combination of the unix extensions and wide links options.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T01:06:52.565Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[samba-technical] 20100207 Re: Claimed Zero Day exploit in Samba.",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://marc.info/?l=samba-technical\u0026m=126555346721629\u0026w=2"
},
{
"name": "39317",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/39317"
},
{
"name": "[oss-security] 20100206 Re: Samba symlink 0day flaw",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2010/02/06/3"
},
{
"name": "[samba-technical] 20100206 Re: Claimed Zero Day exploit in Samba.",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://marc.info/?l=samba-technical\u0026m=126549111204428\u0026w=2"
},
{
"name": "[samba-technical] 20100205 Re: Claimed Zero Day exploit in Samba.",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://marc.info/?l=samba-technical\u0026m=126540376915283\u0026w=2"
},
{
"name": "[samba-technical] 20100205 Re: Claimed Zero Day exploit in Samba.",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://marc.info/?l=samba-technical\u0026m=126540539117328\u0026w=2"
},
{
"name": "[oss-security] 20100305 Re: Samba symlink 0day flaw",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2010/03/05/3"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://blog.metasploit.com/2010/02/exploiting-samba-symlink-traversal.html"
},
{
"name": "[samba-technical] 20100205 Re: Claimed Zero Day exploit in Samba.",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://marc.info/?l=samba-technical\u0026m=126540477016522\u0026w=2"
},
{
"name": "20100204 Re: Samba Remote Zero-Day Exploit",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2010-02/0107.html"
},
{
"name": "[samba-technical] 20100205 Re: Claimed Zero Day exploit in Samba.",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://marc.info/?l=samba-technical\u0026m=126540248613395\u0026w=2"
},
{
"name": "[samba-technical] 20100205 Re: Claimed Zero Day exploit in Samba.",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://marc.info/?l=samba-technical\u0026m=126540290614053\u0026w=2"
},
{
"name": "20100205 Re: Samba Remote Zero-Day Exploit",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://marc.info/?l=full-disclosure\u0026m=126538598820903\u0026w=2"
},
{
"name": "[samba-technical] 20100206 Re: Claimed Zero Day exploit in Samba.",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://marc.info/?l=samba-technical\u0026m=126548356728379\u0026w=2"
},
{
"name": "[oss-security] 20100206 Re: Samba symlink 0day flaw",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://marc.info/?l=oss-security\u0026m=126545363428745\u0026w=2"
},
{
"name": "[samba-technical] 20100205 Re: Claimed Zero Day exploit in Samba.",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://marc.info/?l=samba-technical\u0026m=126540475116511\u0026w=2"
},
{
"name": "[samba-technical] 20100205 Claimed Zero Day exploit in Samba.",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://marc.info/?l=samba-technical\u0026m=126539387432412\u0026w=2"
},
{
"name": "[samba-technical] 20100205 Re: Claimed Zero Day exploit in Samba.",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://marc.info/?l=samba-technical\u0026m=126540695819735\u0026w=2"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://gitweb.samba.org/?p=samba.git%3Ba=commit%3Bh=bd269443e311d96ef495a9db47d1b95eb83bb8f4"
},
{
"name": "[oss-security] 20100305 Re: Samba symlink 0day flaw",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://marc.info/?l=oss-security\u0026m=126777580624790\u0026w=2"
},
{
"name": "20100204 Samba Remote Zero-Day Exploit",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2010-02/0083.html"
},
{
"name": "SUSE-SR:2010:008",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00001.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.samba.org/samba/news/symlink_attack.html"
},
{
"name": "SUSE-SR:2010:014",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html"
},
{
"name": "[samba-technical] 20100206 Re: Claimed Zero Day exploit in Samba.",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://marc.info/?l=samba-technical\u0026m=126547903723628\u0026w=2"
},
{
"name": "[samba-technical] 20100205 re: Claimed Zero Day exploit in Samba.",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://marc.info/?l=samba-technical\u0026m=126540011609753\u0026w=2"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.samba.org/show_bug.cgi?id=7104"
},
{
"name": "[oss-security] 20100205 Samba symlink 0day flaw",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://marc.info/?l=oss-security\u0026m=126539592603079\u0026w=2"
},
{
"name": "[oss-security] 20100205 Re: Samba symlink 0day flaw",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://marc.info/?l=oss-security\u0026m=126540733320471\u0026w=2"
},
{
"name": "20100204 Re: Samba Remote Zero-Day Exploit",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2010-02/0108.html"
},
{
"name": "[samba-technical] 20100205 Re: Claimed Zero Day exploit in Samba.",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://marc.info/?l=samba-technical\u0026m=126540608318301\u0026w=2"
},
{
"name": "[samba-technical] 20100205 Re: Claimed Zero Day exploit in Samba.",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://marc.info/?l=samba-technical\u0026m=126540100511357\u0026w=2"
},
{
"name": "[samba-technical] 20100205 Re: Claimed Zero Day exploit in Samba.",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://marc.info/?l=samba-technical\u0026m=126540277713815\u0026w=2"
},
{
"name": "[oss-security] 20100205 Re: Samba symlink 0day flaw",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://marc.info/?l=oss-security\u0026m=126540402215620\u0026w=2"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=562568"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-02-04T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The default configuration of smbd in Samba before 3.3.11, 3.4.x before 3.4.6, and 3.5.x before 3.5.0rc3, when a writable share exists, allows remote authenticated users to leverage a directory traversal vulnerability, and access arbitrary files, by using the symlink command in smbclient to create a symlink containing .. (dot dot) sequences, related to the combination of the unix extensions and wide links options."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2010-04-15T09:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[samba-technical] 20100207 Re: Claimed Zero Day exploit in Samba.",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://marc.info/?l=samba-technical\u0026m=126555346721629\u0026w=2"
},
{
"name": "39317",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/39317"
},
{
"name": "[oss-security] 20100206 Re: Samba symlink 0day flaw",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2010/02/06/3"
},
{
"name": "[samba-technical] 20100206 Re: Claimed Zero Day exploit in Samba.",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://marc.info/?l=samba-technical\u0026m=126549111204428\u0026w=2"
},
{
"name": "[samba-technical] 20100205 Re: Claimed Zero Day exploit in Samba.",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://marc.info/?l=samba-technical\u0026m=126540376915283\u0026w=2"
},
{
"name": "[samba-technical] 20100205 Re: Claimed Zero Day exploit in Samba.",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://marc.info/?l=samba-technical\u0026m=126540539117328\u0026w=2"
},
{
"name": "[oss-security] 20100305 Re: Samba symlink 0day flaw",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2010/03/05/3"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://blog.metasploit.com/2010/02/exploiting-samba-symlink-traversal.html"
},
{
"name": "[samba-technical] 20100205 Re: Claimed Zero Day exploit in Samba.",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://marc.info/?l=samba-technical\u0026m=126540477016522\u0026w=2"
},
{
"name": "20100204 Re: Samba Remote Zero-Day Exploit",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2010-02/0107.html"
},
{
"name": "[samba-technical] 20100205 Re: Claimed Zero Day exploit in Samba.",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://marc.info/?l=samba-technical\u0026m=126540248613395\u0026w=2"
},
{
"name": "[samba-technical] 20100205 Re: Claimed Zero Day exploit in Samba.",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://marc.info/?l=samba-technical\u0026m=126540290614053\u0026w=2"
},
{
"name": "20100205 Re: Samba Remote Zero-Day Exploit",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://marc.info/?l=full-disclosure\u0026m=126538598820903\u0026w=2"
},
{
"name": "[samba-technical] 20100206 Re: Claimed Zero Day exploit in Samba.",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://marc.info/?l=samba-technical\u0026m=126548356728379\u0026w=2"
},
{
"name": "[oss-security] 20100206 Re: Samba symlink 0day flaw",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://marc.info/?l=oss-security\u0026m=126545363428745\u0026w=2"
},
{
"name": "[samba-technical] 20100205 Re: Claimed Zero Day exploit in Samba.",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://marc.info/?l=samba-technical\u0026m=126540475116511\u0026w=2"
},
{
"name": "[samba-technical] 20100205 Claimed Zero Day exploit in Samba.",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://marc.info/?l=samba-technical\u0026m=126539387432412\u0026w=2"
},
{
"name": "[samba-technical] 20100205 Re: Claimed Zero Day exploit in Samba.",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://marc.info/?l=samba-technical\u0026m=126540695819735\u0026w=2"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://gitweb.samba.org/?p=samba.git%3Ba=commit%3Bh=bd269443e311d96ef495a9db47d1b95eb83bb8f4"
},
{
"name": "[oss-security] 20100305 Re: Samba symlink 0day flaw",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://marc.info/?l=oss-security\u0026m=126777580624790\u0026w=2"
},
{
"name": "20100204 Samba Remote Zero-Day Exploit",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2010-02/0083.html"
},
{
"name": "SUSE-SR:2010:008",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00001.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.samba.org/samba/news/symlink_attack.html"
},
{
"name": "SUSE-SR:2010:014",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html"
},
{
"name": "[samba-technical] 20100206 Re: Claimed Zero Day exploit in Samba.",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://marc.info/?l=samba-technical\u0026m=126547903723628\u0026w=2"
},
{
"name": "[samba-technical] 20100205 re: Claimed Zero Day exploit in Samba.",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://marc.info/?l=samba-technical\u0026m=126540011609753\u0026w=2"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.samba.org/show_bug.cgi?id=7104"
},
{
"name": "[oss-security] 20100205 Samba symlink 0day flaw",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://marc.info/?l=oss-security\u0026m=126539592603079\u0026w=2"
},
{
"name": "[oss-security] 20100205 Re: Samba symlink 0day flaw",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://marc.info/?l=oss-security\u0026m=126540733320471\u0026w=2"
},
{
"name": "20100204 Re: Samba Remote Zero-Day Exploit",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2010-02/0108.html"
},
{
"name": "[samba-technical] 20100205 Re: Claimed Zero Day exploit in Samba.",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://marc.info/?l=samba-technical\u0026m=126540608318301\u0026w=2"
},
{
"name": "[samba-technical] 20100205 Re: Claimed Zero Day exploit in Samba.",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://marc.info/?l=samba-technical\u0026m=126540100511357\u0026w=2"
},
{
"name": "[samba-technical] 20100205 Re: Claimed Zero Day exploit in Samba.",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://marc.info/?l=samba-technical\u0026m=126540277713815\u0026w=2"
},
{
"name": "[oss-security] 20100205 Re: Samba symlink 0day flaw",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://marc.info/?l=oss-security\u0026m=126540402215620\u0026w=2"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=562568"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-0926",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The default configuration of smbd in Samba before 3.3.11, 3.4.x before 3.4.6, and 3.5.x before 3.5.0rc3, when a writable share exists, allows remote authenticated users to leverage a directory traversal vulnerability, and access arbitrary files, by using the symlink command in smbclient to create a symlink containing .. (dot dot) sequences, related to the combination of the unix extensions and wide links options."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[samba-technical] 20100207 Re: Claimed Zero Day exploit in Samba.",
"refsource": "MLIST",
"url": "http://marc.info/?l=samba-technical\u0026m=126555346721629\u0026w=2"
},
{
"name": "39317",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/39317"
},
{
"name": "[oss-security] 20100206 Re: Samba symlink 0day flaw",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2010/02/06/3"
},
{
"name": "[samba-technical] 20100206 Re: Claimed Zero Day exploit in Samba.",
"refsource": "MLIST",
"url": "http://marc.info/?l=samba-technical\u0026m=126549111204428\u0026w=2"
},
{
"name": "[samba-technical] 20100205 Re: Claimed Zero Day exploit in Samba.",
"refsource": "MLIST",
"url": "http://marc.info/?l=samba-technical\u0026m=126540376915283\u0026w=2"
},
{
"name": "[samba-technical] 20100205 Re: Claimed Zero Day exploit in Samba.",
"refsource": "MLIST",
"url": "http://marc.info/?l=samba-technical\u0026m=126540539117328\u0026w=2"
},
{
"name": "[oss-security] 20100305 Re: Samba symlink 0day flaw",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2010/03/05/3"
},
{
"name": "http://blog.metasploit.com/2010/02/exploiting-samba-symlink-traversal.html",
"refsource": "MISC",
"url": "http://blog.metasploit.com/2010/02/exploiting-samba-symlink-traversal.html"
},
{
"name": "[samba-technical] 20100205 Re: Claimed Zero Day exploit in Samba.",
"refsource": "MLIST",
"url": "http://marc.info/?l=samba-technical\u0026m=126540477016522\u0026w=2"
},
{
"name": "20100204 Re: Samba Remote Zero-Day Exploit",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2010-02/0107.html"
},
{
"name": "[samba-technical] 20100205 Re: Claimed Zero Day exploit in Samba.",
"refsource": "MLIST",
"url": "http://marc.info/?l=samba-technical\u0026m=126540248613395\u0026w=2"
},
{
"name": "[samba-technical] 20100205 Re: Claimed Zero Day exploit in Samba.",
"refsource": "MLIST",
"url": "http://marc.info/?l=samba-technical\u0026m=126540290614053\u0026w=2"
},
{
"name": "20100205 Re: Samba Remote Zero-Day Exploit",
"refsource": "FULLDISC",
"url": "http://marc.info/?l=full-disclosure\u0026m=126538598820903\u0026w=2"
},
{
"name": "[samba-technical] 20100206 Re: Claimed Zero Day exploit in Samba.",
"refsource": "MLIST",
"url": "http://marc.info/?l=samba-technical\u0026m=126548356728379\u0026w=2"
},
{
"name": "[oss-security] 20100206 Re: Samba symlink 0day flaw",
"refsource": "MLIST",
"url": "http://marc.info/?l=oss-security\u0026m=126545363428745\u0026w=2"
},
{
"name": "[samba-technical] 20100205 Re: Claimed Zero Day exploit in Samba.",
"refsource": "MLIST",
"url": "http://marc.info/?l=samba-technical\u0026m=126540475116511\u0026w=2"
},
{
"name": "[samba-technical] 20100205 Claimed Zero Day exploit in Samba.",
"refsource": "MLIST",
"url": "http://marc.info/?l=samba-technical\u0026m=126539387432412\u0026w=2"
},
{
"name": "[samba-technical] 20100205 Re: Claimed Zero Day exploit in Samba.",
"refsource": "MLIST",
"url": "http://marc.info/?l=samba-technical\u0026m=126540695819735\u0026w=2"
},
{
"name": "http://gitweb.samba.org/?p=samba.git;a=commit;h=bd269443e311d96ef495a9db47d1b95eb83bb8f4",
"refsource": "CONFIRM",
"url": "http://gitweb.samba.org/?p=samba.git;a=commit;h=bd269443e311d96ef495a9db47d1b95eb83bb8f4"
},
{
"name": "[oss-security] 20100305 Re: Samba symlink 0day flaw",
"refsource": "MLIST",
"url": "http://marc.info/?l=oss-security\u0026m=126777580624790\u0026w=2"
},
{
"name": "20100204 Samba Remote Zero-Day Exploit",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2010-02/0083.html"
},
{
"name": "SUSE-SR:2010:008",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00001.html"
},
{
"name": "http://www.samba.org/samba/news/symlink_attack.html",
"refsource": "CONFIRM",
"url": "http://www.samba.org/samba/news/symlink_attack.html"
},
{
"name": "SUSE-SR:2010:014",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html"
},
{
"name": "[samba-technical] 20100206 Re: Claimed Zero Day exploit in Samba.",
"refsource": "MLIST",
"url": "http://marc.info/?l=samba-technical\u0026m=126547903723628\u0026w=2"
},
{
"name": "[samba-technical] 20100205 re: Claimed Zero Day exploit in Samba.",
"refsource": "MLIST",
"url": "http://marc.info/?l=samba-technical\u0026m=126540011609753\u0026w=2"
},
{
"name": "https://bugzilla.samba.org/show_bug.cgi?id=7104",
"refsource": "CONFIRM",
"url": "https://bugzilla.samba.org/show_bug.cgi?id=7104"
},
{
"name": "[oss-security] 20100205 Samba symlink 0day flaw",
"refsource": "MLIST",
"url": "http://marc.info/?l=oss-security\u0026m=126539592603079\u0026w=2"
},
{
"name": "[oss-security] 20100205 Re: Samba symlink 0day flaw",
"refsource": "MLIST",
"url": "http://marc.info/?l=oss-security\u0026m=126540733320471\u0026w=2"
},
{
"name": "20100204 Re: Samba Remote Zero-Day Exploit",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2010-02/0108.html"
},
{
"name": "[samba-technical] 20100205 Re: Claimed Zero Day exploit in Samba.",
"refsource": "MLIST",
"url": "http://marc.info/?l=samba-technical\u0026m=126540608318301\u0026w=2"
},
{
"name": "[samba-technical] 20100205 Re: Claimed Zero Day exploit in Samba.",
"refsource": "MLIST",
"url": "http://marc.info/?l=samba-technical\u0026m=126540100511357\u0026w=2"
},
{
"name": "[samba-technical] 20100205 Re: Claimed Zero Day exploit in Samba.",
"refsource": "MLIST",
"url": "http://marc.info/?l=samba-technical\u0026m=126540277713815\u0026w=2"
},
{
"name": "[oss-security] 20100205 Re: Samba symlink 0day flaw",
"refsource": "MLIST",
"url": "http://marc.info/?l=oss-security\u0026m=126540402215620\u0026w=2"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=562568",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=562568"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-0926",
"datePublished": "2010-03-09T19:00:00",
"dateReserved": "2010-03-05T00:00:00",
"dateUpdated": "2024-08-07T01:06:52.565Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…