CVE-2010-0926

Name of the Vulnerable Software and Affected Versions Samba versions prior to 3.3.11 Samba versions 3.4.x prior to 3.4.6 Samba versions 3.5.x prior to 3.5.0rc3

Description The default configuration of smbd in Samba allows remote authenticated users to access arbitrary files by leveraging a directory traversal issue. This is achieved by using the symlink command in smbclient to create a symlink containing .. (dot dot) sequences, related to the combination of the unix extensions and wide links options.

Recommendations For Samba versions prior to 3.3.11, update to version 3.3.11 or later. For Samba versions 3.4.x prior to 3.4.6, update to version 3.4.6 or later. For Samba versions 3.5.x prior to 3.5.0rc3, update to version 3.5.0rc3 or later.