July 12, 2001

FreeBSD: 'samba' potential symlink vulnerability

Author: JT Smith

LinuxSecurity: "The samba ports, versions prior to samba-2.0.10,
samba-devel-2.2.0a, and ja-samba-2.0.9.j1.0_1, fail to properly
validate NetBIOS names. By sending a specially crafted NetBIOS name
containing unix path characters, a remote user may be able to cause
the samba server to write the log files to arbitrary locations on
the local filesystems."
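
The class of check the advisory describes as missing, shown as an added example (not Samba's code and not the actual fix): a client-supplied NetBIOS name is checked against an allowlist before it is used to build a per-client log file name. The function names, the `log.<name>` layout, the `/var/log/samba` directory and the allowlist itself are assumptions of this example.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define NETBIOS_NAME_MAX 15 /* NetBIOS names carry at most 15 name characters */

/* Allowlist check (an assumption of this example, stricter than NetBIOS itself):
 * letters, digits, '-' and '_' only, so '/', '.' and control bytes are refused. */
int netbios_name_is_safe(const char *name)
{
    size_t len = name ? strlen(name) : 0;
    if (len == 0 || len > NETBIOS_NAME_MAX)
        return 0;
    for (size_t i = 0; i < len; i++) {
        unsigned char c = (unsigned char)name[i];
        if (!isalnum(c) && c != '-' && c != '_')
            return 0;
    }
    return 1;
}

/* Build "<log_dir>/log.<name>" (assumed layout). Returns 0, or -1 if the
 * name is rejected or the result would not fit in out. */
int build_client_log_path(const char *log_dir, const char *name,
                          char *out, size_t out_len)
{
    if (!netbios_name_is_safe(name))
        return -1;
    int n = snprintf(out, out_len, "%s/log.%s", log_dir, name);
    return (n < 0 || (size_t)n >= out_len) ? -1 : 0;
}

int main(void)
{
    /* Constructed sample names, not taken from the advisory. */
    const char *names[] = { "WORKSTATION1", "../../tmp/x", "a/b", "" };
    char path[256];
    for (size_t i = 0; i < sizeof names / sizeof names[0]; i++) {
        int rc = build_client_log_path("/var/log/samba", names[i], path, sizeof path);
        printf("%-14s -> %s\n", names[i], rc == 0 ? path : "(rejected)");
    }
    return 0;
}
```

Rejecting the name outright, rather than stripping characters from it, keeps two different client names from collapsing onto the same log file.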

