CVE-2010-0926
The MITRE CVE dictionary describes this issue as:
Find out more about CVE-2010-0926 from the MITRE CVE dictionary and NIST NVD.
Statement
This issue was addressed in Samba packages in Red Hat Enterprise Linux 5. It did not affect Samba packages in Red Hat Enterprise Linux 6.
The Red Hat Security Response Team has rated this issue as having low security impact. There is no plan to address this flaw in Red Hat Enterprise Linux 4.
To prevent this issue, disable "wide links" or "unix extensions" in the Samba configuration file (/etc/samba/smb.conf) and restart smbd (service smb restart). With "wide links" disabled, the server does not resolve wide symbolic links (links pointing outside of the shared directory) when processing requests from a client that does not support UNIX extensions. With "unix extensions" disabled, malicious clients which support UNIX extensions cannot create wide links. For further information, see http://www.samba.org/samba/news/symlink_attack.html
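The following audit sketch is an added example, not part of the Red Hat statement or of Samba. It parses smb.conf text and lists the shares where "wide links" and "unix extensions" are both effectively enabled, which is the combination the mitigation above removes. The sample configuration is constructed, and treating an unset parameter as enabled is an assumption, because the real defaults depend on the Samba version.

```python
import re

# Constructed sample smb.conf, for illustration only (not from the advisory).
SAMPLE_SMB_CONF = """\
[global]
    unix extensions = yes
[public]
    path = /srv/public
    wide links = yes
[projects]
    path = /srv/projects
    Wide Links = No
[scratch]
    path = /srv/scratch
"""

TRUE_VALUES = {"yes", "true", "on", "1"}  # boolean spellings Samba accepts

def parse_smb_conf(text):
    """Return {section: {param: value}} with names lower-cased, spaces removed."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":          # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].strip().lower()
            sections.setdefault(current, {})
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            # Samba ignores case and whitespace in parameter names.
            sections[current][re.sub(r"\s+", "", key).lower()] = value.strip()
    return sections

def _enabled(value, default):
    return default if value is None else value.lower() in TRUE_VALUES

def exposed_shares(text, default_wide_links=True, default_unix_ext=True):
    """Shares with wide links on while unix extensions is on globally.
    The two defaults are assumptions; set them to match the installed version."""
    conf = parse_smb_conf(text)
    glob = conf.get("global", {})
    if not _enabled(glob.get("unixextensions"), default_unix_ext):
        return []                                # global mitigation in place
    global_wide = _enabled(glob.get("widelinks"), default_wide_links)
    return sorted(name for name, params in conf.items()
                  if name != "global"
                  and _enabled(params.get("widelinks"), global_wide))

print(exposed_shares(SAMPLE_SMB_CONF))
```

A per-share "wide links" value overrides the one in [global], which is why the checker evaluates each share separately while treating "unix extensions" as a single global switch.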
CVSS v2 metrics
| Metric | Value |
|---|---|
| Base Score | 4 |
| Base Metrics | AV:N/AC:L/Au:S/C:P/I:N/A:N |
| Access Vector | Network |
| Access Complexity | Low |
| Authentication | Single |
| Confidentiality Impact | Partial |
| Integrity Impact | None |
| Availability Impact | None |
Find out more about Red Hat support for the Common Vulnerability Scoring System (CVSS).
Red Hat Security Errata
| Platform | Errata | Release Date |
|---|---|---|
| Red Hat Enterprise Linux 5 (samba) | RHSA-2012:0313 | 2012-02-21 |
Affected Packages State
| Platform | Package | State |
|---|---|---|
| Red Hat Enterprise Linux 6 | samba | Not affected |
| Red Hat Enterprise Linux 5 | samba3x | Not affected |
| Red Hat Enterprise Linux 4 | samba | Will not fix |
CVE description copyright © 2017, The MITRE Corporation
