SuSE9 Security Update : Samba (YOU Patch Number 12595)
Low Nessus Plugin ID 45453
Synopsis
The remote SuSE 9 host is missing a security-related patch.
Description
With 'wide links' enabled, Samba follows symbolic links on the server side, allowing clients to overwrite arbitrary files (CVE-2010-0926). This update disables 'wide links' by default. The new default only takes effect if 'wide links' is not set explicitly in smb.conf.
Due to a race condition in mount.cifs a local attacker could corrupt /etc/mtab if mount.cifs is installed setuid root. mount.cifs is not setuid root by default and it's not recommended to change that.
Solution
Apply YOU patch number 12595.
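
Because the patched default is overridden by any explicit 'wide links' line in smb.conf, and the mount.cifs issue only applies when the binary is setuid root, both conditions are worth checking after patching. The following script is an added example, not part of the advisory or of Samba; the function names and the sample configuration are constructed for illustration.

```sh
#!/bin/sh
# Added example, not part of the advisory.

# audit_wide_links FILE
# Prints "section<TAB>value" for every explicit 'wide links' line and
# returns 1 if any of them enables the option, 0 otherwise.
audit_wide_links() {
    awk '
        /^[ \t]*[#;]/ { next }                  # smb.conf comment lines
        /^[ \t]*\[/ {                           # section header, e.g. [global]
            sec = $0; sub(/^[ \t]*\[/, "", sec); sub(/\].*$/, "", sec); next
        }
        {
            eq = index($0, "="); if (eq == 0) next
            # Parameter names are matched without regard to case or spaces.
            name = tolower(substr($0, 1, eq - 1)); gsub(/[ \t]/, "", name)
            if (name != "widelinks") next
            val = tolower(substr($0, eq + 1)); gsub(/^[ \t]+|[ \t\r]+$/, "", val)
            printf "%s\t%s\n", sec, val
            if (val ~ /^(yes|true|on|1)$/) bad = 1
        }
        END { exit bad + 0 }
    ' "$1"
}

# mount_cifs_is_setuid PATH: succeeds only if PATH exists with the setuid bit.
mount_cifs_is_setuid() { [ -u "$1" ]; }

# Constructed sample configuration (not taken from any real host).
sample=$(mktemp)
cat > "$sample" <<'EOF'
[global]
   workgroup = EXAMPLE
[public]
   path = /srv/public
   Wide Links = Yes
EOF
audit_wide_links "$sample" || echo "explicit 'wide links' enabled: patched default not in effect"
rm -f "$sample"
```

On a real host, pass the path of the active smb.conf to `audit_wide_links` and the path of the installed mount.cifs binary to `mount_cifs_is_setuid`; both paths vary by installation.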