Mac OS X Server 10.2: Protecting your Windows (SMB) shares from remote attacks

On Mac OS X Server versions 10.2 to 10.2.8, a remote attacker may be able to gain access to files that exist outside of an SMB share's defined path. The attacker must still be using an account that has read permissions for the targeted files.

To prevent this scenario, locate your smb.conf file, and open it in the text editor of your choice. Search the file for the entry, wide links = yes. If it's present, change the yes to no. If the line isn't present, add the following line to the file:

wide links = no.