Previous articleBack to news listNext article
|
Sponsored links |
Want to become one of our authors and see your work published on ALLSeek.iNFO ?
|
| Samba 'smbprint' Unsafe Temporary File May Let Local Users Gain Elevated Privileges |
|---|
Categorie: Vulnerability
Posted: 2004-03-22 by ReCall
Views: 381
Source: Click here
| Current Rating: Not rated
|
|
| Details |
|---|
Description: A vulnerability was reported in the Samba 'smbprint' script. A local user may be able to gain elevated privileges.
Shaun Colley reported that the smbprint script provided with Samba uses temporary files in an unsafe manner. The script reportedly uses the '/tmp/smb-print.log' file for debugging purposes. A local user can create a symbolic link (symlink) from a critical file on the system to this temporary file. Then, when a target user runs smbprint, the symlinked file will be overwritten by smbprint with the privileges of the target user. A local user may be able to gain elevated privileges via this method.
In more recent versions of smbprint, the debug setting must be enabled in the user's '.config' file for this to be exploitable.
Impact: A local user may be able to cause files to be overwritten with the privileges of a target user running smbprint. This may allow the local user to gain the privileges of the target user.
Solution: No solution was available at the time of this entry.
|
| Syndication |
|---|
Permalink Email this
The URI to TrackBack this entry is:
http://allseek.info/news/trackback.php?id=776
|
| User comments (post your comments ) |
|---|
Only registerd members can post comments and articles
|
|
Previous articleBack to news listNext article
|
