What is CVE-2010-0926?

CVE-2010-0926 is a vulnerability in Samba, classified under Path Traversal. Published 2010-03-10.

Is CVE-2010-0926 known to be exploited?

4 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Path Traversal in Samba

CVE-2010-0926

The default configuration of smbd in Samba before 3.3.11, 3.4.x before 3.4.6, and 3.5.x before 3.5.0rc3, when a writable share exists, allows remote authenticated users to leverage a directory traversal vulnerability, and access arbitrary…

Vulnerability class: Path Traversal (Directory Traversal)

EPSS: 0.563 (98.2th percentile) — read the EPSS interpretation.

Affected products

Samba — versions 3.3.3, 3.3.9, 3.3.10
N/a — versions n/a

Weakness classification (CWE)

CWE-22 — Path Traversal

Public proof-of-concept exploits

References

20100204 Samba Remote Zero-Day Exploit (mailing-list, x_refsource_FULLDISC)
20100204 Re: Samba Remote Zero-Day Exploit (mailing-list, x_refsource_FULLDISC)
20100204 Re: Samba Remote Zero-Day Exploit (mailing-list, x_refsource_FULLDISC)
cve@mitre.org (x_refsource_MISC)
cve@mitre.org (x_refsource_CONFIRM)
SUSE-SR:2010:008 (vendor-advisory, x_refsource_SUSE)
SUSE-SR:2010:014 (vendor-advisory, x_refsource_SUSE)
20100205 Re: Samba Remote Zero-Day Exploit (mailing-list, x_refsource_FULLDISC)
[oss-security] 20100205 Samba symlink 0day flaw (mailing-list, x_refsource_MLIST)
[oss-security] 20100205 Re: Samba symlink 0day flaw (mailing-list, x_refsource_MLIST)

Frequently asked questions

What is CVE-2010-0926?: CVE-2010-0926 is a vulnerability in Samba, classified under Path Traversal. Published 2010-03-10.
Is CVE-2010-0926 known to be exploited?: 4 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.