Author: tridge
Date: 2010-02-05 14:54:11 -0700 (Fri, 05 Feb 2010)
New Revision: 1365
WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba-web&rev=1365 Log: improve layout Modified: trunk/news/symlink_attack.html Changeset: Modified: trunk/news/symlink_attack.html =================================================================== --- trunk/news/symlink_attack.html 2010-02-05 21:49:33 UTC (rev 1364) +++ trunk/news/symlink_attack.html 2010-02-05 21:54:11 UTC (rev 1365) @@ -8,7 +8,7 @@ <p>A user named "kcopedarookie" posted what they claim to be a video of a -zero-day <a href="http://www.youtube.com/watch?v=NN50RtZ2N74&aia=true">exploit +zero-day <a href="http://www.youtube.com/watch?v=NN50RtZ2N74&aia=true">exploit in Samba</a> on youtube yesterday.</p> <p>The video shows modifications to smbclient allowing @@ -25,6 +25,7 @@ </pre> in the [global] section of your smb.conf and restart smbd to eliminate this problem.</p> +<p></p> <h5>Longer FAQ: The real issue</h5> @@ -38,21 +39,21 @@ allows Administrators to locally (on the server) add a symbolic link inside an exported share which SMB/CIFS clients will follow.</p> -<p>As an example, given a share definition: +<p>As an example, given a share definition:</p> <pre> [tmp] path = /tmp read only = no guest ok = yes -</pre></p> +</pre> -<p>The administrator could add a symlink: +<p>The administrator could add a symlink:</p> <pre> $ ln -s /etc/passwd /tmp/passwd </pre> -and SMB/CIFS clients would then see a file called "passwd" within +<p>and SMB/CIFS clients would then see a file called "passwd" within the [tmp] share that could be read and would allow clients to read /etc/passwd.</p>
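Review bot: in the @@ -8,7 +8,7 @@ hunk the removed and added 'zero-day <a href="http://www.youtube.com/watch?v=NN50RtZ2N74&aia=true">exploit' lines read identically as shown, so the intended change cannot be seen in this copy of the diff. The href still carries a bare '&' before 'aia=true'; inside an HTML attribute it should be written as '&amp;', so please confirm that the added line has the escaped form.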
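Review bot: the '<p></p>' added in the @@ -25,6 +25,7 @@ hunk is an empty paragraph used as a spacer ahead of '<h5>Longer FAQ: The real issue</h5>'. An empty paragraph has no content to give it height, so it is an unreliable way to add space; a margin on the heading in the stylesheet would express the intent, and this line could then be dropped.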
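Review bot: the new '<p>and SMB/CIFS clients would then see a file called "passwd" within' paragraph at the end of the @@ -38,21 +39,21 @@ hunk now starts mid-sentence with a lowercase 'and', because it has become a block of its own after the '$ ln -s /etc/passwd /tmp/passwd' example. Suggest starting it as 'SMB/CIFS clients would then see ...'. The log message 'improve layout' also does not mention that this hunk moves each '<pre>' out of its enclosing '<p>', which is a markup fix rather than a layout change and is worth a word in the log.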