6.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
COMPLETE
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:M/Au:S/C:C/I:N/A:N
0.806 High
EPSS
Percentile
98.3%
When connecting to a share called โโ (empty string) using an older
version of smbclient (before 3.0.28) for example with:
'smbclient //server/ -U user%pass'
access to the root filesystem is granted with the privileges of the
authenticated user. This only happens in setups with registry shares
enabled by setting โregistry shares = yesโ which is implicitly set with
โinclude = registryโ and โconfig backend = registryโ,
but is not the default.
A patch addressing this defect has been posted to
http://www.samba.org/samba/security/
Additionally, Samba 3.2.7 has been issued as a security
release to correct the defect. Samba administrators are
advised to upgrade to 3.2.7 or apply the patch as soon
as possible when โregistry sharesโ is set to โyesโ.
As a workaround, registry shares can be disabled using โregistry shares = noโ.
This issue was found and reported to the Samba Team by
Gunter Hรถckel <Gunter.Hoeckel [at] fujitsu-siemens.com>.
== Our Code, Our Bugs, Our Responsibility.
== The Samba Team