Samba mount. cifs Local Security Restriction Bypass Vulnerability

Samba mount. cifs Local Security Restriction Bypass Vulnerability

Release date:
Updated on:

Affected Systems:
Linux kernel 2.6.x
Description:
--------------------------------------------------------------------------------
Bugtraq id: 52742

Samba is a set of programs that implement the SMB (Server Messages Block) protocol, cross-platform file sharing and print sharing services.

Samba mount. cifs performs chdir on a specific directory before the fstab file is checked. cifs is installed as setuid, which allows attackers to enumerate system files and directories by checking the error response, so as to bypass security restrictions, perform illegal operations, and identify root files and directories.

<* Source: vendor

Link: http://bugs.debian.org/cgi-bin/bugreport.cgi? Bug = 665923

Https://bugzilla.samba.org/show_bug.cgi? Id = 8821
*>

Test method:
--------------------------------------------------------------------------------

Alert

The following procedures (methods) may be offensive and are intended only for security research and teaching. Users are at your own risk!

Vendor () provides the following test methods:

/Sbin/mount. cifs // 127.0.0.1/a/root/secret_directory/secret_file

Suggestion:
--------------------------------------------------------------------------------
Vendor patch:

Linux
-----
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:

Http://www.kernel.org/