Samba can be configured to allow any user with write access the ability to create a link to the root filesystem. Once an attacker has this level of access, it’s only a matter of time before the system gets owned. Although this configuration isn’t that common in the wild, it does happen, and Metasploit has a module to easily exploit this security flaw.

Symbolic links, or symlinks, are files that link to other files or directories on a system, and they are an essential part of the Linux environment. Symlinks are often used to connect libraries and redirect certain binaries to other versions… more


Go to Source

 

Comments are closed.