Exploitation Summary
EIP tracks 3 public exploits for CVE-2010-0926.
PoCs published by kingcope, kcope, hdm, including Metasploit module auxiliary/admin/smb/samba_symlink_traversal.
Description
The default configuration of smbd in Samba before 3.3.11, 3.4.x before 3.4.6, and 3.5.x before 3.5.0rc3, when a writable share exists, allows remote authenticated users to leverage a directory traversal vulnerability, and access arbitrary files, by using the symlink command in smbclient to create a symlink containing .. (dot dot) sequences, related to the combination of the unix extensions and wide links options.
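An added example (not from Samba or from any of the exploits listed on this page): a Python check that reads an smb.conf and lists writable shares where wide links is in effect while unix extensions is enabled, the combination the description names. The defaults it applies when an option is unset (both options on, shares read-only) are an assumption based on the description's statement that the default configuration is affected; the sample config is constructed, and `include` files and `write list` are not evaluated.

```python
TRUTHY = {"yes", "true", "on", "1"}
# Assumed defaults for an affected release when an option is not set explicitly.
DEFAULTS = {"unixextensions": True, "widelinks": True, "readonly": True}
# Inverted synonyms of "read only"; option names are compared without spaces or case.
INVERTED = {"writable": "readonly", "writeable": "readonly", "writeok": "readonly"}

# Constructed sample configuration, not taken from any real host.
SAMPLE = """\
[global]
[public]
writeable = yes
[docs]
read only = no
wide links = no
[archive]
path = /srv/archive
"""

def parse_smb_conf(text):
    """Return {section: {option: value}}; the three audited options become booleans."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue  # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(line[1:-1].strip().lower(), {})
            continue
        if current is None or "=" not in line:
            continue
        key, value = line.split("=", 1)
        key = key.replace(" ", "").lower()
        flag = value.strip().lower() in TRUTHY
        if key in INVERTED:
            key, flag = INVERTED[key], not flag
        current[key] = flag if key in DEFAULTS else value.strip()
    return sections

def exposed_shares(text):
    """Names of writable shares with wide links in effect while unix extensions is on."""
    conf = parse_smb_conf(text)
    glob = {**DEFAULTS, **conf.pop("global", {})}
    if not glob["unixextensions"]:
        return []
    # Share-level settings override values inherited from [global].
    effective = {name: {**glob, **opts} for name, opts in conf.items()}
    return sorted(n for n, e in effective.items() if e["widelinks"] and not e["readonly"])
```

For the constructed sample, `exposed_shares(SAMPLE)` reports only `public`; setting `unix extensions = no` or `wide links = no` in `[global]` clears the finding.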
Exploits (3)
This exploit leverages a directory traversal vulnerability in Samba by creating a symlink in a writable share to access the root filesystem. It requires authenticated access to a writable share, which could be accessible via guest accounts.
This exploit leverages a directory traversal vulnerability in Samba by modifying the symlink command to bypass path sanitization. It allows authenticated users to create symlinks outside the intended directory, potentially leading to unauthorized file access.
This Metasploit module exploits a directory traversal vulnerability in Samba (CVE-2010-0926) by creating a symlink in a writable share that points to the root filesystem. It allows an attacker to access arbitrary files on the server by traversing directories via the SMB protocol.