Wednesday, September 9, 2015

Samba username map script Command Execution

Command execution vulnerability in Samba versions 3.0.20 through 3.0.25rc3 when using the non-default "username map script" containing shell meta characters, attackers can execute arbitrary command. No authentication is required to exploit this vulnerability!