Samba Symlink Traversal Arbitrary File Access (unsafe check)
High Nessus Plugin ID 44406
Synopsis
The remote file server is prone to a symlink attack.
Description
The remote Samba server is configured insecurely and allows a remote attacker to gain read or possibly write access to arbitrary files on the affected host. Specifically, if an attacker has a valid Samba account for a share that is writable or there is a writable share that is configured to be a guest account share, he can create a symlink using directory traversal sequences and gain access to files and directories outside that share.
Note that successful exploitation requires that the Samba server's 'wide links' parameter be set to 'yes', which is the default.
Solution
Set 'wide links = no' in the [global] section of smb.conf.
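To check a configuration against the conditions in the description, the following added example (not part of the Nessus plugin or of Samba) parses smb.conf text and lists the writable shares on which 'wide links' is in effect, with a flag for guest access. The function names and the sample configuration are constructed for illustration. It assumes a simple file with no include or copy directives, treats every section other than [global] as a share, and takes the 'yes' default stated above as a parameter.

```python
TRUE = {"yes", "true", "1"}
INVERTED = {"readonly": "writable"}          # "read only = no" means writable
SYNONYMS = {"writeable": "writable", "writeok": "writable", "public": "guestok"}

def _norm(name):
    # smb.conf ignores case and whitespace in section and parameter names
    return "".join(name.split()).lower()

def parse_smb_conf(text):
    """Return {section: {param: bool}}; only boolean parameters are meaningful."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":      # blank lines and comments
            continue
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(line[1:-1].strip().lower(), {})
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            key, flag = _norm(key), value.strip().lower() in TRUE
            if key in INVERTED:
                key, flag = INVERTED[key], not flag
            current[SYNONYMS.get(key, key)] = flag
    return sections

def exposed_shares(text, default_wide_links=True):
    """List (share, guest_ok) for writable shares where wide links is in effect."""
    # default_wide_links=True follows the page's statement that 'yes' is the
    # default; pass the actual default of the Samba build being audited.
    conf = parse_smb_conf(text)
    glob, findings = conf.get("global", {}), []
    for name, params in conf.items():
        if name == "global":
            continue
        eff = {**glob, **params}             # share settings override [global]
        if eff.get("widelinks", default_wide_links) and eff.get("writable", False):
            findings.append((name, eff.get("guestok", False)))
    return findings

# Constructed sample configuration, not taken from any real host
SAMPLE = """\
[global]
   workgroup = EXAMPLE
[public]
   guest ok = yes
   read only = no
[projects]
   writeable = yes
   wide links = no
"""
```

On a live host, run the check over the output of `testparm -s`, which prints the configuration as Samba loaded it.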