PT-2004-1355 · Samba · Samba

Urban Widmark · Published 2004-03-15 · Updated 2017-10-10 · CVE-2004-0186

CVSS v2.0: 7.2 High

Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Samba versions 2.x through 3.x

Description

The issue allows local users to gain root privileges by mounting a Samba share that contains a setuid root program. This occurs because the setuid attributes are not cleared when the share is mounted. The problem may lead to a loss of confidentiality, integrity, and/or availability.

Recommendations

For Samba versions 2.x through 3.x, consider removing the setuid bit from smbmnt to prevent local users from gaining root privileges. As a temporary workaround, restrict the mounting of Samba shares that contain setuid root programs until a proper fix is applied.
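
One way to audit a host for the two conditions named in the recommendations, as an added example that is not part of the original advisory. The function names, the constructed mount table, the path /usr/bin/smbmnt, the treatment of both smbfs and cifs as SMB mounts, and the use of the standard nosuid mount option as the check are assumptions not stated in the advisory.

```shell
#!/bin/sh
# Added audit example (not from the advisory). Helper names are hypothetical.

# Succeeds if the given path is a regular file with the setuid bit set.
is_setuid() {
    [ -f "$1" ] && [ -u "$1" ]
}

# Reads mount-table lines in /proc/mounts format on stdin:
#   device mountpoint fstype options dump pass
# Prints the mount point of every SMB mount whose options lack "nosuid".
# Assumption: SMB shares appear with fstype "smbfs" or "cifs".
smb_mounts_allowing_setuid() {
    while read -r _dev mnt fstype opts _rest; do
        case "$fstype" in
            smbfs|cifs) ;;
            *) continue ;;
        esac
        case ",$opts," in
            *,nosuid,*) ;;               # setuid bits are ignored on this mount
            *) printf '%s\n' "$mnt" ;;   # setuid programs on the share are honoured
        esac
    done
}

# Constructed sample mount table (not real output from any host).
SAMPLE_MOUNTS='//fileserver/pub /mnt/pub smbfs rw,nodev 0 0
//fileserver/home /mnt/home smbfs rw,nosuid,nodev 0 0
/dev/sda1 / ext3 rw 0 0
//fileserver/apps /mnt/apps cifs rw,relatime 0 0'

# $1: path to the smbmnt helper (assumed; location varies by distribution).
# Mount table is read from stdin.
audit() {
    if is_setuid "$1"; then
        echo "WARN: $1 is setuid (advisory recommends removing the bit)"
    fi
    smb_mounts_allowing_setuid | sed 's/^/WARN: SMB mount honours setuid bits: /'
}

# Demo run on the constructed table; on a real host feed /proc/mounts instead.
printf '%s\n' "$SAMPLE_MOUNTS" | audit /usr/bin/smbmnt
```

On a live system, run `audit /path/to/smbmnt < /proc/mounts` with the helper's actual install path.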


Related Identifiers

CVE-2004-0186
DSA-463

Affected Products

Samba