CVE-2010-0787

Samba <3.4.5 - Privilege Escalation

Title source: llm

Description

client/mount.cifs.c in mount.cifs in smbfs in Samba 3.0.22, 3.0.28a, 3.2.3, 3.3.2, 3.4.0, and 3.4.5 allows local users to mount a CIFS share on an arbitrary mountpoint, and gain privileges, via a symlink attack on the mountpoint directory file.

References (18)

Core 18

Core References

Various Sources x_refsource_confirm

http://git.samba.org/?p=samba.git%3Ba=commit%3Bh=3ae5dac462c4ed0fb2cd94553583c56fce2f9d80

Various Sources x_refsource_confirm

http://git.samba.org/?p=samba.git%3Ba=commit%3Bh=a0c31ec1c8d1220a5884e40d9ba6b191a04a24d5

Issue Tracking x_refsource_confirm

https://bugzilla.redhat.com/show_bug.cgi?id=558833

Patch x_refsource_confirm

https://bugzilla.samba.org/show_bug.cgi?id=6853

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/38286

Third Party Advisory vdb-entry x_refsource_vupen

http://www.vupen.com/english/advisories/2010/1062

Mailing List, Third Party Advisory vendor-advisory x_refsource_fedora

http://lists.fedoraproject.org/pipermail/package-announce/2010-January/034470.html

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/38308

Third Party Advisory vendor-advisory x_refsource_gentoo

http://security.gentoo.org/glsa/glsa-201206-29.xml

Mailing List, Third Party Advisory vendor-advisory x_refsource_fedora

http://lists.fedoraproject.org/pipermail/package-announce/2010-January/034444.html

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/39898

Vendor Advisory vendor-advisory x_refsource_ubuntu

http://www.ubuntu.com/usn/USN-893-1

Vendor Advisory vendor-advisory x_refsource_mandriva

http://www.mandriva.com/security/advisories?name=MDVSA-2010:090

Issue Tracking x_refsource_confirm

https://bugzilla.redhat.com/show_bug.cgi?id=532940

Mailing List vendor-advisory x_refsource_suse

http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html

Patch vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/37992

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/38357

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/55944

Scores

EPSS 0.0042

EPSS Percentile 62.1%

Details

CWE

CWE-59

Status published

Products (5)

samba/samba 3.0.22

samba/samba 3.0.28a

samba/samba 3.2.3

samba/samba 3.4.0

samba/samba 3.4.5

Published Mar 02, 2010

Tracked Since Feb 18, 2026