smbmnt in Samba 2.x and 3.x on Linux 2.6, when installed setuid, allows local users to gain root privileges by mounting a Samba share that contains a setuid root program, whose setuid attributes are not cleared when the share is mounted.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Samba | Samba | 2.0 (including) | 2.0 (including) |
| Samba | Samba | 3.0.0 (including) | 3.0.0 (including) |
References
- http://marc.info/?l=bugtraq\u0026m=107636290906296\u0026w=2
- http://marc.info/?l=bugtraq\u0026m=107657505718743\u0026w=2
- http://www.debian.org/security/2004/dsa-463
- http://www.osvdb.org/3916
- http://www.securityfocus.com/bid/9619
- https://exchange.xforce.ibmcloud.com/vulnerabilities/15131
- http://marc.info/?l=bugtraq\u0026m=107636290906296\u0026w=2
- http://marc.info/?l=bugtraq\u0026m=107657505718743\u0026w=2
- http://www.debian.org/security/2004/dsa-463
- http://www.osvdb.org/3916
- http://www.securityfocus.com/bid/9619
- https://exchange.xforce.ibmcloud.com/vulnerabilities/15131