When is a 0day not a 0day? When the exploit ends up being just a poor default configuration issue. It can lead to files being read, that the user has permission to read. Like /etc/passwd for example. The solution? Set "wide links = no" in the [global] section of your smb.conf and restart smbd to eliminate this problem, from the Samba Symlink Attack posting here. Thanks Elazar! Cheers, |
Adrien de Beaupre 353 Posts ISC Handler Feb 9th 2010 |
Thread locked Subscribe |
Feb 9th 2010 1 decade ago |
Sign Up for Free or Log In to start participating in the conversation!