vendor: Samba
by: kcope, hdm
CVSS: 5.5 (MEDIUM)
CWE: 22 (Directory Traversal)
Product Name: Samba
Affected Version From:
Affected Version To:
Patch Exists: NO
Related CWE:
CPE: a:samba:samba
Platforms Tested:
2010
Samba Symlink Directory Traversal
Samba is prone to a directory-traversal vulnerability because the application fails to sufficiently sanitize user-supplied input. Exploits would allow an attacker to access files outside of the Samba user's root directory to obtain sensitive information and perform other attacks.
Mitigation:
The vendor advises administrators to set 'wide links = no' in the '[global]' section of 'smb.conf'.
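One way to check a configuration against this advice, as an added example that is not part of the advisory or of Samba's own tooling: the function names and the sample configuration are constructed for illustration. It assumes only sections, comments, continuation lines and `name = value` pairs need handling (no `include` directives), and it also flags shares that re-enable the option, since `wide links` can be set per share.

```python
import re

# Values Samba treats as boolean "off".
FALSE = {"no", "false", "0", "off"}

# Constructed sample, not taken from a real host.
SAMPLE = """\
[global]
    workgroup = EXAMPLE
    Wide Links = no
[public]
    path = /srv/public
    widelinks = yes
[docs]
    path = /srv/docs
"""

def parse_smb_conf(text):
    """Return {section: {param: value}}; names lowercased, spaces in param names dropped."""
    sections, current, pending = {}, None, ""
    for raw in text.splitlines():
        line = pending + raw.strip()
        pending = ""
        if line.endswith("\\"):          # continuation onto the next line
            pending = line[:-1]
            continue
        if not line or line[0] in "#;":  # blank line or comment
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            current = sections.setdefault(header.group(1).strip().lower(), {})
        elif "=" in line and current is not None:
            name, value = line.split("=", 1)
            current[re.sub(r"\s+", "", name).lower()] = value.strip().lower()
    return sections

def audit_wide_links(text):
    """List deviations from 'wide links = no'; an empty list means compliant."""
    conf = parse_smb_conf(text)
    findings = []
    glob = conf.get("global", {}).get("widelinks")
    if glob is None:
        findings.append("[global]: 'wide links' not set explicitly")
    elif glob not in FALSE:
        findings.append(f"[global]: wide links = {glob}")
    for name, params in conf.items():
        value = params.get("widelinks")
        if name != "global" and value is not None and value not in FALSE:
            findings.append(f"[{name}]: wide links = {value} overrides [global]")
    return findings

if __name__ == "__main__":
    print("\n".join(audit_wide_links(SAMPLE)) or "compliant")
```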