Computer Security Global Security Mag Online anti virus spywares job oofers telecom and network security
- english:
- Product Reviews:
- Business News:
- MAGIC QUADRANT :
- Market News:
- WHITE PAPER:
- Special Reports:
- Interviews:
- Opinion:
- EVENTS:
- Security Vulnerability:
- Malware Update:
- Diary:
- Guide & Podcast:
- Jobs:
- International News:
- CONTACTS:
- TRAINING :
Global Security Magazine Online antivirus
Product Reviews
Business News
MAGIC QUADRANT 
Market News
Special Reports
Opinion
EVENTS
Security Vulnerability
Malware Update
Diary
Guide & Podcast
Jobs
International News
CONTACTS
Flux RSS
| Vigil@nce: Samba, privilege elevation via mount.cifs |
| February 2010 by Vigil@nce |
| SYNTHESIS OF THE VULNERABILITY When the mount.cifs tool is installed suid root, a local attacker can use a symbolic link, in order to elevate his privileges or to obtain information. Severity: 2/4 Consequences: administrator access/rights, privileged access/rights, user access/rights, data reading Provenance: user shell Means of attack: 1 attack Ability of attacker: technician (2/4) Confidence: confirmed by the editor (5/5) Diffusion of the vulnerable configuration: high (3/3) Creation date: 29/01/2010 IMPACTED PRODUCTS
DESCRIPTION OF THE VULNERABILITY The mount.cifs utility of the Samba suite is used to mount a remote CIFS/SMB share in a local directory. This tool is frequently installed suid root. However, this tool does not atomically check the mount directory. A local attacker can therefore:
So, by modifying/reading the content of the share on the remote server, the local attacker can modify/read to content of /privatedirectory. When the mount.cifs tool is installed suid root, a local attacker can therefore use a symbolic link, in order to elevate his privileges or to obtain information. CHARACTERISTICS Identifiers: 532940, 6853, BID-37992, CVE-2009-3297, VIGILANCE-VUL-9390 |
< previous next > |
Samba
