Diary

 

Oracle has an unscheduled security alert and patch for CVE-2010-0073. The issue affects WebLogic Server and is remotely exploitable. Details and patch are here http://www.oracle.com/technology/deploy/security/alerts/alert-cve-2010-0073.html
When is a 0day not a 0day? Samba symlink bad default config
Share |
Published: 2010-02-09,
Last Updated: 2010-02-09 00:23:31 UTC
by Adrien de Beaupre (Version: 1)
0 comment(s)

When is a 0day not a 0day? When the exploit ends up being just a poor default configuration issue. It can lead to files being read, that the user has permission to read. Like /etc/passwd for example. The solution? Set "wide links = no" in the [global] section of your smb.conf and restart smbd to eliminate this problem, from the Samba Symlink Attack posting here. Thanks Elazar!

Cheers,
Adrien de Beaupré
EWA-Canada.com

Keywords: From the when is a 0day not a 0day series
0 comment(s)

Comments

Login here to post a comment. Diary Archive