JVN/CVE Demo: Nvdinfos

NVD

Id: 12462
Name: CVE-2010-0926
Description: The default configuration of smbd in Samba before 3.3.11, 3.4.x before 3.4.6, and 3.5.x before 3.5.0rc3, when a writable share exists, allows remote authenticated users to leverage a directory traversal vulnerability, and access arbitrary files, by using the symlink command in smbclient to create a symlink containing .. (dot dot) sequences, related to the combination of the unix extensions and wide links options.
Reject
CVSS Version: 2
CVSS Score: 3.5
Severity: Low
CVSS Base Score: 3.5
CVSS Impact Subscore: 2.9
CVSS Exploit Subscore: 6.8
CVSS Vector: (AV:N/AC:M/Au:S/C:P/I:N/A:N)
Pub Date: 2017-01-18
Published: 2010-03-10
Modified Date: 2010-09-09
Seq: 2010-0926

Actions

Related NVD References

Id	NVD Id	NVD No.	Reference	Actions
68696	12462	CVE-2010-0926	20100204 Samba Remote Zero-Day Exploit	View
68697	12462	CVE-2010-0926	20100204 Re: Samba Remote Zero-Day Exploit	View
68698	12462	CVE-2010-0926	20100204 Re: Samba Remote Zero-Day Exploit	View
68699	12462	CVE-2010-0926	http://blog.metasploit.com/2010/02/exploiting-samba-symlink-traversal.html	View
68700	12462	CVE-2010-0926	http://gitweb.samba.org/?p=samba.git;a=commit;h=bd269443e311d96ef495a9db47d1b95eb83bb8f4	View
68701	12462	CVE-2010-0926	SUSE-SR:2010:008	View
68702	12462	CVE-2010-0926	SUSE-SR:2010:014	View
68703	12462	CVE-2010-0926	20100205 Re: Samba Remote Zero-Day Exploit	View
68704	12462	CVE-2010-0926	[oss-security] 20100205 Samba symlink 0day flaw	View
68705	12462	CVE-2010-0926	[oss-security] 20100205 Re: Samba symlink 0day flaw	View
68706	12462	CVE-2010-0926	[oss-security] 20100205 Re: Samba symlink 0day flaw	View
68707	12462	CVE-2010-0926	[oss-security] 20100206 Re: Samba symlink 0day flaw	View
68708	12462	CVE-2010-0926	[oss-security] 20100305 Re: Samba symlink 0day flaw	View
68709	12462	CVE-2010-0926	[samba-technical] 20100205 Claimed Zero Day exploit in Samba.	View
68710	12462	CVE-2010-0926	[samba-technical] 20100205 re: Claimed Zero Day exploit in Samba.	View
68711	12462	CVE-2010-0926	[samba-technical] 20100205 Re: Claimed Zero Day exploit in Samba.	View
68712	12462	CVE-2010-0926	[samba-technical] 20100205 Re: Claimed Zero Day exploit in Samba.	View
68713	12462	CVE-2010-0926	[samba-technical] 20100205 Re: Claimed Zero Day exploit in Samba.	View
68714	12462	CVE-2010-0926	[samba-technical] 20100205 Re: Claimed Zero Day exploit in Samba.	View
68715	12462	CVE-2010-0926	[samba-technical] 20100205 Re: Claimed Zero Day exploit in Samba.	View
68716	12462	CVE-2010-0926	[samba-technical] 20100205 Re: Claimed Zero Day exploit in Samba.	View
68717	12462	CVE-2010-0926	[samba-technical] 20100205 Re: Claimed Zero Day exploit in Samba.	View
68718	12462	CVE-2010-0926	[samba-technical] 20100205 Re: Claimed Zero Day exploit in Samba.	View
68719	12462	CVE-2010-0926	[samba-technical] 20100205 Re: Claimed Zero Day exploit in Samba.	View
68720	12462	CVE-2010-0926	[samba-technical] 20100205 Re: Claimed Zero Day exploit in Samba.	View
68721	12462	CVE-2010-0926	[samba-technical] 20100206 Re: Claimed Zero Day exploit in Samba.	View
68722	12462	CVE-2010-0926	[samba-technical] 20100206 Re: Claimed Zero Day exploit in Samba.	View
68723	12462	CVE-2010-0926	[samba-technical] 20100206 Re: Claimed Zero Day exploit in Samba.	View
68724	12462	CVE-2010-0926	[samba-technical] 20100207 Re: Claimed Zero Day exploit in Samba.	View
68725	12462	CVE-2010-0926	[oss-security] 20100206 Re: Samba symlink 0day flaw	View
68726	12462	CVE-2010-0926	[oss-security] 20100305 Re: Samba symlink 0day flaw	View
68727	12462	CVE-2010-0926	http://www.samba.org/samba/news/symlink_attack.html	View
68728	12462	CVE-2010-0926	https://bugzilla.redhat.com/show_bug.cgi?id=562568	View
68729	12462	CVE-2010-0926	https://bugzilla.samba.org/show_bug.cgi?id=7104	View

Related JVN

Id	Name	Title	Summary	Cveinfo Name	Cveinfo Id	Nvdinfo Name	Nvdinfo Id	Cvssv2	Cvssv3	Jvnurl	Published Date	Last Updated Date	Actions
35962	JVNDB-2010-001742	Samba の smbd におけるディレクトリトラバーサルの脆弱性	Samba の smbd のデフォルト設定には、Unix の拡張機能とワイドリンクオプションの組み合わせに不備があるため、共有ディレクトリに書き込み権限が付与されている際、ディレクトリトラバーサルの脆弱性を利用される、または任意のファイルにアクセスされる脆弱性が存在します。	CVE-2010-0926	43506	CVE-2010-0926	12462	3.5		http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001742.html	2010-02-24	2010-07-29	View

Message	Memory use
Component initialization	1.38 MB
Controller action start	1.49 MB
Controller render start	2.31 MB
View render complete	22.08 MB

Message	Time in ms	Graph
Core Processing (Derived from $_SERVER["REQUEST_TIME"])	2.97
Event: Controller.initialize	0.02
Event: Controller.startup	0.06
Controller action	286.22
Event: Controller.beforeRender	4.86
» Processing toolbar data	4.76
Rendering View	864.21
» Event: View.beforeRender	0.02
» Rendering APP/View/Nvdinfos/view.ctp	831.33
» Event: View.afterRender	0.05
» Event: View.beforeLayout	0.02
» Rendering APP/View/Layouts/default.ctp	20.05
» » Rendering CORE/Cake/View/Elements/sql_dump.ctp	6.25
Event: View.afterLayout	0.00

Constant	Value
APP	/virtual/inogo77/public_html/jvn/app/
APP_DIR	app
APPLIBS	/virtual/inogo77/public_html/jvn/app/Lib/
CACHE	/virtual/inogo77/public_html/jvn/app/tmp/cache/
CAKE	/virtual/inogo77/public_html/jvn/lib/Cake/
CAKE_CORE_INCLUDE_PATH	/virtual/inogo77/public_html/jvn/lib
CORE_PATH	/virtual/inogo77/public_html/jvn/lib/
CAKE_VERSION	2.6.0
CSS	/virtual/inogo77/public_html/jvn/app/webroot/css/
CSS_URL	css/
DS	/
FULL_BASE_URL	http://inogo77.s500.xrea.com
IMAGES	/virtual/inogo77/public_html/jvn/app/webroot/img/
IMAGES_URL	img/
JS	/virtual/inogo77/public_html/jvn/app/webroot/js/
JS_URL	js/
LOGS	/virtual/inogo77/public_html/jvn/app/tmp/logs/
ROOT	/virtual/inogo77/public_html/jvn
TESTS	/virtual/inogo77/public_html/jvn/app/Test/
TMP	/virtual/inogo77/public_html/jvn/app/tmp/
VENDORS	/virtual/inogo77/public_html/jvn/vendors/
WEBROOT_DIR	webroot
WWW_ROOT	/virtual/inogo77/public_html/jvn/app/webroot/

Environment Variable	Value
Php Version	5.6.40
Phprc	php56.ini
Php Fcgi Children	1
Pwd	/virtual/inogo77/public_html/.fast-cgi-bin
Php Fcgi Max Requests	10000
Shlvl	0
Path	/usr/local/bin:/usr/bin:/bin
Script Name	/jvn/app/webroot/index.php
Request Uri	/jvn/nvdinfos/view/12462
Query String
Request Method	GET
Server Protocol	HTTP/1.1
Gateway Interface	CGI/1.1
Redirect Url	/jvn/app/webroot/nvdinfos/view/12462
Remote Port	17637
Script Filename	/virtual/inogo77/public_html/jvn/app/webroot/index.php
Server Admin	[no address given]
Context Document Root	/virtual/inogo77/public_html
Context Prefix
Request Scheme	http
Document Root	/virtual/inogo77/public_html
Remote Addr	216.73.216.107
Server Port	80
Server Addr	160.251.151.205
Server Name	inogo77.s500.xrea.com
Server Software	Apache
Server Signature
Http Connection	close
Http Cache Control	max-age=259200
Http X Forwarded For	10.1.238.167
Http Via	1.1 squid-proxy-5b5d847c96-pqx49 (squid/6.10)
Http Host	inogo77.s500.xrea.com
Http Accept Encoding	gzip, br, zstd, deflate
Http Cookie	advanced-frontend=pr2ddhpbqovmp42ijcqlv4ns41
Http User Agent	Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; ClaudeBot/1.0; +claudebot@anthropic.com)
Http Accept	/
Gem Home	/usr/local/rvm/gems/ruby-2.3.0
X Dostranslated Ip	216.73.216.107
Mm Country Code	US
Mmdb Info	result found
Mmdb Addr	216.73.216.107
Unique Id	aHbmOHu8O8JuB1g9lRKvVAAAAAY
Redirect Status	200
Redirect Gem Home	/usr/local/rvm/gems/ruby-2.3.0
Redirect X Dostranslated Ip	216.73.216.107
Redirect Mm Country Code	US
Redirect Mmdb Info	result found
Redirect Mmdb Addr	216.73.216.107
Redirect Unique Id	aHbmOHu8O8JuB1g9lRKvVAAAAAY
Redirect Redirect Status	200
Redirect Redirect Gem Home	/usr/local/rvm/gems/ruby-2.3.0
Redirect Redirect X Dostranslated Ip	216.73.216.107
Redirect Redirect Mm Country Code	US
Redirect Redirect Mmdb Info	result found
Redirect Redirect Mmdb Addr	216.73.216.107
Redirect Redirect Unique Id	aHbmOHu8O8JuB1g9lRKvVAAAAAY
Fcgi Role	RESPONDER
Php Self	/jvn/app/webroot/index.php
Request Time Float	1752622648.1704
Request Time	1752622648

NVD

Actions

Related NVD References

Related JVN

Request History

Session

Request

Cake Params

Post data

Query string

Cookie

Current Route

Sql Logs

default

Memory

Timers

Logs

View Variables

App Constants

CakePHP Constants

PHP Environment

Included Files

Include Paths

Included Files