CVE-2010-1381 | Vulnerability Database | Aqua Security

The default configuration of SMB File Server in Apple Mac OS X 10.5.8, and 10.6 before 10.6.4, enables support for wide links, which allows remote authenticated users to access arbitrary files via vectors involving symbolic links. NOTE: this might overlap CVE-2010-0926.

Affected Software

Name	Vendor	Start Version	End Version
Mac_os_x	Apple	10.5.8 (including)	10.5.8 (including)
Mac_os_x	Apple	10.6.0 (including)	10.6.0 (including)
Mac_os_x	Apple	10.6.1 (including)	10.6.1 (including)
Mac_os_x	Apple	10.6.2 (including)	10.6.2 (including)
Mac_os_x	Apple	10.6.3 (including)	10.6.3 (including)
Mac_os_x_server	Apple	10.5.8 (including)	10.5.8 (including)
Mac_os_x_server	Apple	10.6.0 (including)	10.6.0 (including)
Mac_os_x_server	Apple	10.6.1 (including)	10.6.1 (including)
Mac_os_x_server	Apple	10.6.2 (including)	10.6.2 (including)
Mac_os_x_server	Apple	10.6.3 (including)	10.6.3 (including)

References

http://lists.apple.com/archives/security-announce/2010//Jun/msg00001.html
http://secunia.com/advisories/40220
http://securitytracker.com/id?1024103
http://support.apple.com/kb/HT4188
http://www.securityfocus.com/bid/40871
http://www.vupen.com/english/advisories/2010/1481

NVD	https://nvd.nist.gov/vuln/detail/CVE-2010-1381
CWE	https://cwe.mitre.org/data/definitions/16.html