Samba Symlink Directory Traversal Vulnerability

Information

Severity: Low
Family: Remote file access
CVSSv2 Base: 3.5
CVSSv2 Vector: AV:N/AC:M/Au:S/C:P/I:N/A:N
Solution Type: Vendor Patch
Created: 14 years ago
Modified: 5 years ago

Summary

Samba is prone to a directory-traversal vulnerability because the application fails to sufficiently sanitize user-supplied input.

Insight

To exploit this issue, attackers require authenticated access to a writable share. Note that this issue may be exploited through a writable share accessible by guest accounts.

Affected Software

Samba versions before 3.3.11, 3.4.x before 3.4.6, and 3.5.x before 3.5.0rc3.

Solution

The vendor commented on the issue stating that it stems from an insecure default configuration. The Samba team advises administrators to set 'wide links = no' in the '[global]' section of 'smb.conf' and then restart the service to correct misconfigured services. Please see the references for more information.
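One way to check a configuration for the condition described above, as an added example that is not part of the original advisory or of Samba itself: it reports writable shares where 'wide links' is still in effect and whether guests can reach them. The names parse_smb_conf, audit and the sample configuration are hypothetical, and the default of 'wide links = yes' is an assumption reflecting the insecure default the advisory describes for affected versions.

```python
TRUE = {"yes", "true", "1"}
# Synonym -> (canonical name, inverted). Samba ignores case/whitespace in names.
ALIASES = {"widelinks": ("widelinks", False), "readonly": ("readonly", False),
           "writable": ("readonly", True), "writeable": ("readonly", True),
           "writeok": ("readonly", True), "guestok": ("guestok", False),
           "public": ("guestok", False)}
# Assumed defaults for affected versions: wide links on (the insecure default).
DEFAULTS = {"widelinks": True, "readonly": True, "guestok": False}

def parse_smb_conf(text):
    """Return {section: {canonical_param: bool}} for the audited parameters."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(line[1:-1].strip().lower(), {})
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            key = "".join(key.lower().split())
            if key in ALIASES:
                name, inverted = ALIASES[key]
                current[name] = (value.strip().lower() in TRUE) != inverted
    return sections

def audit(text):
    """Return [(share, guest_ok)] for writable shares with wide links in effect."""
    sections = parse_smb_conf(text)
    glob = sections.get("global", {})
    findings = []
    for share, params in sections.items():
        if share == "global":
            continue
        # A share-level value overrides [global], which overrides the default.
        eff = {k: params.get(k, glob.get(k, d)) for k, d in DEFAULTS.items()}
        if eff["widelinks"] and not eff["readonly"]:
            findings.append((share, eff["guestok"]))
    return findings

# Constructed sample configuration (not from the advisory).
SAMPLE_BEFORE = ("[global]\n workgroup = EXAMPLE\n"
                 "[public]\n writable = yes\n guest ok = yes\n"
                 "[archive]\n read only = yes\n"
                 "[team]\n Write Ok = Yes\n wide links = yes\n")
SAMPLE_AFTER = SAMPLE_BEFORE.replace("[global]\n", "[global]\n wide links = no\n")
if __name__ == "__main__":
    print("before:", audit(SAMPLE_BEFORE))
    print("after: ", audit(SAMPLE_AFTER))
```

In the sample, applying the '[global]' setting clears the guest-accessible share, but the share that sets 'wide links = yes' itself is still reported, so per-share overrides need to be reviewed as well.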

Common Vulnerabilities and Exposures (CVE)