smbmnt in Samba 2.x and 3.x on Linux 2.6, when installed setuid, allows local users to gain root privileges by mounting a Samba share that contains a setuid root program, whose setuid attributes are not cleared when the share is mounted.
| Software | From | Fixed in |
|---|---|---|
| samba / samba | 3.0.0 | 3.0.0.x |
| samba / samba | 2.0 | 2.0.x |
| linux / linux_kernel | 2.6.0-test5 | 2.6.0-test5.x |
| linux / linux_kernel | 2.6.0-test2 | 2.6.0-test2.x |
| linux / linux_kernel | 2.6_test9_cvs | 2.6_test9_cvs.x |
| linux / linux_kernel | 2.6.0-test11 | 2.6.0-test11.x |
| linux / linux_kernel | 2.6.1-rc2 | 2.6.1-rc2.x |
| linux / linux_kernel | 2.6.0-test1 | 2.6.0-test1.x |
| linux / linux_kernel | 2.6.0-test6 | 2.6.0-test6.x |
| linux / linux_kernel | 2.6.0-test4 | 2.6.0-test4.x |
| linux / linux_kernel | 2.6.0 | 2.6.0.x |
| linux / linux_kernel | 2.6.0-test10 | 2.6.0-test10.x |
| linux / linux_kernel | 2.6.0-test9 | 2.6.0-test9.x |
| linux / linux_kernel | 2.6.1-rc1 | 2.6.1-rc1.x |
| linux / linux_kernel | 2.6.0-test7 | 2.6.0-test7.x |
| linux / linux_kernel | 2.6.0-test8 | 2.6.0-test8.x |
| linux / linux_kernel | 2.6.0-test3 | 2.6.0-test3.x |