Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2010-0926Path Traversal in Samba

CWE-22Path Traversal12 documents8 sources
Severity
3.5LOWNVD
EPSS
52.4%
top 2.06%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
4
SambaDebian SambaApple MAC OS X+1 more
Timeline
PublishedMar 10
Latest updateMay 2

Description

The default configuration of smbd in Samba before 3.3.11, 3.4.x before 3.4.6, and 3.5.x before 3.5.0rc3, when a writable share exists, allows remote authenticated users to leverage a directory traversal vulnerability, and access arbitrary files, by using the symlink command in smbclient to create a symlink containing .. (dot dot) sequences, related to the combination of the unix extensions and wide links options.

CVSS vector

AV:N/AC:M/C:P/I:N/A:NExploitability: 6.8 | Impact: 2.9

Affected Packages5 packages

debiandebian/samba< samba 2:3.4.6~dfsg-1 (bookworm)
Debiansamba/samba< 2:3.4.6~dfsg-1+3
NVDsamba/samba18 versions+17
NVDapple/mac_os_x5 versions+4
NVDapple/mac_os_x_server5 versions+4

🔴Vulnerability Details

3
GHSA
GHSA-pfw5-rj4c-2cm8: The default configuration of SMB File Server in Apple Mac OS X 102022-05-02
GHSA
GHSA-c6j9-4944-rfw4: The default configuration of smbd in Samba before 32022-05-02
OSV
CVE-2010-0926: The default configuration of smbd in Samba before 32010-03-10

💥Exploits & PoCs

3
Exploit-DB
Samba 4.5.2 - Symlink Race Permits Opening Files Outside Share Directory2017-03-27
Exploit-DB
Samba 3.4.5 - Symlink Directory Traversal2010-02-04
Exploit-DB
Samba 3.4.5 - Symlink Directory Traversal (Metasploit)2010-02-04

📋Vendor Advisories

3
Ubuntu
Samba vulnerability2010-03-24
Red Hat
samba: insecure "wide links" default2010-02-05
Debian
CVE-2010-0926: samba - The default configuration of smbd in Samba before 3.3.11, 3.4.x before 3.4.6, an...2010

💬Community

1
Bugzilla
CVE-2010-0926 samba: insecure "wide links" default2010-02-07