13 lines
No EOL
1.3 KiB
Text
13 lines
No EOL
1.3 KiB
Text
source: https://www.securityfocus.com/bid/1884/info
|
|
|
|
Samba is a set of of programs that allow Windows® clients access to a Unix server's filespace and printers over NetBIOS. A directory traversal vulnerability exists in Microsoft's implementation of the SMB file and print sharing protocol for Windows 95 build 490.r6 and Windows for Workgroups.
|
|
|
|
smbclient normally rejects '/../' sequences in user-supplied pathnames before submitting them to the server. This prevents an attacker from traversing the server's directory tree and accessing files which would normally be inaccessible.
|
|
|
|
Because the check for '/../' is peformed by smbclient, the server assumes the client is filtering invalid input. However, a modified client can be made to accept the restricted '/../' sequences, appending these characters to filenames and submitting them as a request to the server.
|
|
|
|
Since the server leaves this input validation up to the client, once the server is provided with path information which contains '/../', it assumes it to be valid. As a result, a directory traversal becomes possible, granting an attacker access to normally-restricted portions of the host's filesystem. This can lead to the disclosure of security-related information, leaving the host open to further compromise.
|
|
|
|
Connect to a resource using smbclient.
|
|
|
|
Issue commands "cd ../" or "cd ..." |