<p>A user named "kcopedarookie" posted what they claim to be a video
of a
-zero-day <a href="http://www.youtube.com/watch?v=NN50RtZ2N74&aia=true">exploit
+zero-day <a href="http://www.youtube.com/watch?v=NN50RtZ2N74&aia=true">exploit
in Samba</a> on youtube yesterday.</p>
<p>The video shows modifications to smbclient allowing
</pre>
in the [global] section of your smb.conf and restart
smbd to eliminate this problem.</p>
+<p></p>
<h5>Longer FAQ: The real issue</h5>
allows Administrators to locally (on the server) add a symbolic link
inside an exported share which SMB/CIFS clients will follow.</p>
-<p>As an example, given a share definition:
+<p>As an example, given a share definition:</p>
<pre>
[tmp]
path = /tmp
read only = no
guest ok = yes
-</pre></p>
+</pre>
-<p>The administrator could add a symlink:
+<p>The administrator could add a symlink:</p>
<pre>
$ ln -s /etc/passwd /tmp/passwd
</pre>
-and SMB/CIFS clients would then see a file called "passwd" within
+<p>and SMB/CIFS clients would then see a file called "passwd" within
the [tmp] share that could be read and would allow clients to read
/etc/passwd.</p>
git.samba.org / metze / test / web / .git / commitdiff