CVE-2010-0926

The default configuration of smbd in Samba before 3.3.11, 3.4.x before 3.4.6, and 3.5.x before 3.5.0rc3, when a writable share exists, allows remote authenticated users to leverage a directory traversal vulnerability, and access arbitrary files, by using the symlink command in smbclient to create a symlink containing .. (dot dot) sequences, related to the combination of the unix extensions and wide links options.
Path Traversal
Severity
UNKNOWN
AV:N/AC:M/Au:S/C:P/I:N/A:N
Atk. Vector
NETWORK
Atk. Complexity
MEDIUM
Base Score
CVSS 3.x
EPSS Score
Percentile: 91%
VendorProductVersion
sambasamba
3.3.0
sambasamba
3.3.1
sambasamba
3.3.2
sambasamba
3.3.3
sambasamba
3.3.4
sambasamba
3.3.5
sambasamba
3.3.6
sambasamba
3.3.7
sambasamba
3.3.8
sambasamba
3.3.9
sambasamba
3.3.10
sambasamba
3.4.0
sambasamba
3.4.1
sambasamba
3.4.2
sambasamba
3.4.3
sambasamba
3.4.4
sambasamba
3.4.5
sambasamba
3.5.0
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
samba
bullseye (security)
2:4.13.13+dfsg-1~deb11u6
fixed
bullseye
2:4.13.13+dfsg-1~deb11u6
fixed
lenny
no-dsa
bookworm
2:4.17.12+dfsg-0+deb12u1
fixed
bookworm (security)
2:4.17.12+dfsg-0+deb12u1
fixed
sid
2:4.21.1+dfsg-2
fixed
trixie
2:4.21.1+dfsg-2
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
samba
karmic
Fixed 2:3.4.0-3ubuntu5.6
released
jaunty
Fixed 2:3.3.2-1ubuntu3.4
released
intrepid
Fixed 2:3.2.3-1ubuntu3.8
released
hardy
Fixed 3.0.28a-1ubuntu4.11
released
dapper
Fixed 3.0.22-1ubuntu3.11
released
References