Exploitation Summary
EIP tracks 1 public exploit for CVE-2004-0186. PoCs published by Martin Fiala.
AI-analyzed exploit summary This exploit demonstrates a local privilege escalation vulnerability in the Linux kernel 2.6 by leveraging the setuid/setgid bits on a file hosted on a remote Samba share. The attacker can gain root privileges by executing a setuid binary from the mounted share.
Description
smbmnt in Samba 2.x and 3.x on Linux 2.6, when installed setuid, allows local users to gain root privileges by mounting a Samba share that contains a setuid root program, whose setuid attributes are not cleared when the share is mounted.
Exploits (1)
This exploit demonstrates a local privilege escalation vulnerability in the Linux kernel 2.6 by leveraging the setuid/setgid bits on a file hosted on a remote Samba share. The attacker can gain root privileges by executing a setuid binary from the mounted share.