Samba Symlink Traversal Arbitrary File Access (unsafe check)

High Nessus Plugin ID 44406


The remote file server is prone to a symlink attack.


The remote Samba server is configured insecurely and allows a remote attacker to gain read or possibly write access to arbitrary files on the affected host. Specifically, if an attacker has a valid Samba account for a share that is writable or there is a writable share that is configured to be a guest account share, he can create a symlink using directory traversal sequences and gain access to files and directories outside that share.

Note that successful exploitation requires that the Samba server's 'wide links' parameter be set to 'yes', which is the default.


Set 'wide links = no' in the [global] section of smbd.conf.

See Also

Plugin Details

Severity: High

ID: 44406

File Name: samba_symlink_dir_traversal.nasl

Version: $Revision: 1.19 $

Type: local

Family: Misc.

Published: 2010/02/08

Modified: 2016/11/17

Dependencies: 10396

Risk Information

Risk Factor: High


Base Score: 7.5

Temporal Score: 6.2

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Temporal Vector: CVSS2#E:F/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/a:samba:samba

Required KB Items: SMB/samba

Exploit Available: true

Exploit Ease: Exploits are available

Exploited by Nessus: true

Vulnerability Publication Date: 2010/02/04

Reference Information

CVE: CVE-2010-0926

BID: 38111

OSVDB: 62145

Secunia: 38454

CWE: 22