Ralf Zimmermann

**Name of the Vulnerable Software and Affected Versions** Samba versions prior to 3.3.11 Samba versions 3.4.x prior to 3.4.6 Samba versions 3.5.x prior to 3.5.0rc3 **Description** The default configuration of smbd in Samba allows remote authenticated users to access arbitrary files by leveraging a directory traversal issue. This is achieved by using the symlink command in smbclient to create a symlink containing .. (dot dot) sequences, related to the combination of the unix extensions and wide links options. **Recommendations** For Samba versions prior to 3.3.11, update to version 3.3.11 or later. For Samba versions 3.4.x prior to 3.4.6, update to version 3.4.6 or later. For Samba versions 3.5.x prior to 3.5.0rc3, update to version 3.5.0rc3 or later.