Description
smbmnt in Samba 2.x and 3.x on Linux 2.6, when installed setuid, allows local users to gain root privileges by mounting a Samba share that contains a setuid root program, whose setuid attributes are not cleared when the share is mounted.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by Martin Fiala · textlocallinux
https://www.exploit-db.com/exploits/23674
References (6)
Core 6
Core References
Mailing List mailing-list
x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=107657505718743&w=2
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://www.osvdb.org/3916
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/15131
Mailing List mailing-list
x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=107636290906296&w=2
Patch, Vendor Advisory vendor-advisory
x_refsource_debian
http://www.debian.org/security/2004/dsa-463
Exploit, Patch, Vendor Advisory vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/9619
Scores
EPSS
0.0053
EPSS Percentile
67.2%
Details
Status
published
Products (5)
linux/linux_kernel
2.6.0 (12 CPE variants)
linux/linux_kernel
2.6.1 rc1 (2 CPE variants)
linux/linux_kernel
2.6_test9_cvs
samba/samba
2.0
samba/samba
3.0.0
Published
Mar 15, 2004
Tracked Since
Feb 18, 2026