source: https://www.securityfocus.com/bid/1884/info
Samba is a set of of programs that allow Windows® clients access to a Unix server's filespace and printers over NetBIOS. A directory traversal vulnerability exists in Microsoft's implementation of the SMB file and print sharing protocol for Windows 95 build 490.r6 and Windows for Workgroups.
smbclient normally rejects '/../' sequences in user-supplied pathnames before submitting them to the server. This prevents an attacker from traversing the server's directory tree and accessing files which would normally be inaccessible.
Because the check for '/../' is peformed by smbclient, the server assumes the client is filtering invalid input. However, a modified client can be made to accept the restricted '/../' sequences, appending these characters to filenames and submitting them as a request to the server.
Since the server leaves this input validation up to the client, once the server is provided with path information which contains '/../', it assumes it to be valid. As a result, a directory traversal becomes possible, granting an attacker access to normally-restricted portions of the host's filesystem. This can lead to the disclosure of security-related information, leaving the host open to further compromise.
Connect to a resource using smbclient.
Issue commands "cd ../" or "cd ..."
