| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <7E749CB2FE5F46B185786C68FF1B5EFE@localhost> Date: Mon, 8 Feb 2010 22:33:28 +0100 From: "Stefan Kanthak" <stefan.kanthak@...go.de> To: <full-disclosure@...ts.grok.org.uk>, <bugtraq@...urityfocus.com> Cc: "Michael Wojcik" <Michael.Wojcik@...rofocus.com> Subject: Re: Samba Remote Zero-Day Exploit Michael Wojcik wrote: >> From: Stefan Kanthak [mailto:stefan.kanthak@...go.de] >> Sent: Saturday, 06 February, 2010 08:21 >> >> Dan Kaminsky wrote: >> >> [...] >> >> > (On a side note, you're not going to see this sort of symlink stuff >> > on Windows, >> >> What exactly do you mean? >> Traversing symlinks on the server/share, or creation of "wide" >symlinks >> by the client on the server/share? >> >> Since Windows 2000 NTFS supports "junctions", which pretty much >> resemble Unix symlinks, but only for directories. >> See <http://support.microsoft.com/kb/205524/en-us> > > And at least since Vista, it also supports symlinks, which are designed s/at least// [ well-known facts snipped ] > The Windows SMB server apparently won't cross reparse points, though, so > there's no equivalent vulnerability. NO, Windows SMB server crosses reparse points! But as Dan Kaminsky pointed out, you need to have administrative rights to remotely create a junction on an SMB share, so the non-admin user cant get himself access to files outside a share he's allowed to access. Stefan
Powered by blists - more mailing lists