Lucene search

[email protected]CVE-2010-0787

HistoryMar 02, 2010 - 6:30 p.m.

CVE-2010-0787

2010-03-0218:30:01

CWE-59

[email protected]

web.nvd.nist.gov

cve-2010-0787

samba

symlink attack

privilege escalation

nvd

4.4 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:M/Au:N/C:P/I:P/A:P

4.8 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

27.1%

JSON

client/mount.cifs.c in mount.cifs in smbfs in Samba 3.0.22, 3.0.28a, 3.2.3, 3.3.2, 3.4.0, and 3.4.5 allows local users to mount a CIFS share on an arbitrary mountpoint, and gain privileges, via a symlink attack on the mountpoint directory file.

Affected configurations

NVD

Node

sambasambaMatch3.0.22

sambasambaMatch3.0.28a

sambasambaMatch3.2.3

sambasambaMatch3.4.0

sambasambaMatch3.4.5

CPENameOperatorVersion
samba:sambasambaeq3.0.22
samba:sambasambaeq3.0.28a
samba:sambasambaeq3.2.3
samba:sambasambaeq3.4.0
samba:sambasambaeq3.4.5

CPE	Name	Operator	Version
samba:samba	samba	eq	3.0.22
samba:samba	samba	eq	3.0.28a
samba:samba	samba	eq	3.2.3
samba:samba	samba	eq	3.4.0
samba:samba	samba	eq	3.4.5

References

git.samba.org/?p=samba.git%3Ba=commit%3Bh=3ae5dac462c4ed0fb2cd94553583c56fce2f9d80

git.samba.org/?p=samba.git%3Ba=commit%3Bh=a0c31ec1c8d1220a5884e40d9ba6b191a04a24d5

lists.fedoraproject.org/pipermail/package-announce/2010-January/034444.html

lists.fedoraproject.org/pipermail/package-announce/2010-January/034470.html

lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html

secunia.com/advisories/38286

secunia.com/advisories/38308

secunia.com/advisories/38357

security.gentoo.org/glsa/glsa-201206-29.xml

www.mandriva.com/security/advisories?name=MDVSA-2010:090

www.securityfocus.com/bid/37992

www.securityfocus.com/bid/39898

www.ubuntu.com/usn/USN-893-1

www.vupen.com/english/advisories/2010/1062

bugzilla.redhat.com/show_bug.cgi?id=532940

bugzilla.redhat.com/show_bug.cgi?id=558833

bugzilla.samba.org/show_bug.cgi?id=6853

exchange.xforce.ibmcloud.com/vulnerabilities/55944

4.4 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:M/Au:N/C:P/I:P/A:P

4.8 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

27.1%

JSON

Related for CVE-2010-0787

ubuntucve1 nvd2 cvelist1 nessus19 prion1 debiancve1 veracode1 openvas26 ubuntu1 suse2 gentoo1 osv1 cve1 centos1 redhat1 oraclelinux2 vmware2