Description
Samba before 2.2.0 allows local attackers to overwrite arbitrary files via a symlink attack using (1) a printer queue query, (2) the more command in smbclient, or (3) the mput command in smbclient.
Products
- Samba Samba
- Samba Samba
- Samba 1.9.17
- Samba 1.9.17 p1
- Samba 1.9.17 p2
- Samba 1.9.17 p3
- Samba 1.9.17 p4
- Samba 1.9.17 p5
- Samba 1.9.18
- Samba 1.9.18
- Samba 1.9.18 p10
- Samba 1.9.18 p1
- Samba 1.9.18 p2
- Samba 1.9.18 p3
- Samba 1.9.18 p4
- Samba 1.9.18 p5
- Samba 1.9.18 p6
- Samba 1.9.18 p7
- Samba 1.9.18 p8
- Samba 2.0.0
- Samba 2.0.1
- Samba 2.0.2
- Samba 2.0.3
- Samba 2.0.4
- Samba 2.0.5
- Samba 2.0.5
- Samba 2.0.5a
- Samba Samba 2.0.5a
- Samba 2.0.6
- Samba 2.0.7
- Samba Samba 2.0
Questions to Ask Vendors
- Can you confirm whether your systems are affected by CVE-2001-0406, and if so, what steps are you currently taking to mitigate this vulnerability?
- What is your estimated timeline for fully resolving CVE-2001-0406 in your products or services, and how will you communicate updates on this issue to us as your customer?
Recommended Actions
- Check out the advisory links provided below.
References