A vulnerability in the creation of symbolic links (symlinks) in the free Samba file and printer server can be exploited to attain access to files outside of predefined paths and to the root directory. An attacker can hide amidst legitimate traffic in the application s update function. A Samba patch and a micropatch for end-of-life servers have debuted in the face of the critical vulnerability. Read the full article in The H Security Journal, published on Monday, here.
Source: https://threatpost.com/samba-vulnerability-open-root-directory-020810/73505/