CVE-2004-0186 | Vulnerability Database | Aqua Security

smbmnt in Samba 2.x and 3.x on Linux 2.6, when installed setuid, allows local users to gain root privileges by mounting a Samba share that contains a setuid root program, whose setuid attributes are not cleared when the share is mounted.

Affected Software

Name	Vendor	Start Version	End Version
Samba	Samba	2.0 (including)	2.0 (including)
Samba	Samba	3.0.0 (including)	3.0.0 (including)

References

http://marc.info/?l=bugtraq\u0026m=107636290906296\u0026w=2
http://marc.info/?l=bugtraq\u0026m=107657505718743\u0026w=2
http://www.debian.org/security/2004/dsa-463
http://www.osvdb.org/3916
http://www.securityfocus.com/bid/9619
https://exchange.xforce.ibmcloud.com/vulnerabilities/15131
http://marc.info/?l=bugtraq\u0026m=107636290906296\u0026w=2
http://marc.info/?l=bugtraq\u0026m=107657505718743\u0026w=2
http://www.debian.org/security/2004/dsa-463
http://www.osvdb.org/3916
http://www.securityfocus.com/bid/9619
https://exchange.xforce.ibmcloud.com/vulnerabilities/15131

NVD	https://nvd.nist.gov/vuln/detail/CVE-2004-0186
CWE	https://cwe.mitre.org/data/definitions/NVD-Other.html