Vulnerability Details CVE-2004-0815
The unix_clean_name function in Samba 2.2.x through 2.2.11, and 3.0.x before 3.0.2a, trims certain directory names down to absolute paths, which could allow remote attackers to bypass the specified share restrictions and read, write, or list arbitrary files via "/.////" style sequences in pathnames.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.082
EPSS Ranking 91.8%
CVSS Severity
CVSS v2 Score 7.5
References
- http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000873
- http://marc.info/?l=bugtraq&m=109655827913457&w=2
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-101584-1
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-57664-1
- http://sunsolve.sun.com/search/document.do?assetkey=1-66-200529-1
- http://us4.samba.org/samba/news/#security_2.2.12
- http://www.debian.org/security/2004/dsa-600
- http://www.idefense.com/application/poi/display?id=146&type=vulnerabilities&flashstatus=true
- http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:104
- http://www.novell.com/linux/security/advisories/2004_35_samba.html
- http://www.redhat.com/support/errata/RHSA-2004-498.html
- http://www.securityfocus.com/archive/1/377618
- http://www.securityfocus.com/bid/11281
- http://www.trustix.org/errata/2004/0051/
- https://bugzilla.fedora.us/show_bug.cgi?id=2102
- https://exchange.xforce.ibmcloud.com/vulnerabilities/17556
- http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000873
- http://marc.info/?l=bugtraq&m=109655827913457&w=2
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-101584-1
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-57664-1
- http://sunsolve.sun.com/search/document.do?assetkey=1-66-200529-1
- http://us4.samba.org/samba/news/#security_2.2.12
- http://www.debian.org/security/2004/dsa-600
- http://www.idefense.com/application/poi/display?id=146&type=vulnerabilities&flashstatus=true
- http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:104
- http://www.novell.com/linux/security/advisories/2004_35_samba.html
- http://www.redhat.com/support/errata/RHSA-2004-498.html
- http://www.securityfocus.com/archive/1/377618
- http://www.securityfocus.com/bid/11281
- http://www.trustix.org/errata/2004/0051/
- https://bugzilla.fedora.us/show_bug.cgi?id=2102
- https://exchange.xforce.ibmcloud.com/vulnerabilities/17556
Products affected by CVE-2004-0815
-
cpe:2.3:a:samba:samba:2.2.0
-
cpe:2.3:a:samba:samba:2.2.0a
-
cpe:2.3:a:samba:samba:2.2.11
-
cpe:2.3:a:samba:samba:2.2.1a
-
cpe:2.3:a:samba:samba:2.2.2
-
cpe:2.3:a:samba:samba:2.2.3
-
cpe:2.3:a:samba:samba:2.2.3a
-
cpe:2.3:a:samba:samba:2.2.4
-
cpe:2.3:a:samba:samba:2.2.5
-
cpe:2.3:a:samba:samba:2.2.6
-
cpe:2.3:a:samba:samba:2.2.7
-
cpe:2.3:a:samba:samba:2.2.7a
-
cpe:2.3:a:samba:samba:2.2.8
-
cpe:2.3:a:samba:samba:2.2.8a
-
cpe:2.3:a:samba:samba:2.2.9
-
cpe:2.3:a:samba:samba:2.2a
-
cpe:2.3:a:samba:samba:3.0.0
-
cpe:2.3:a:samba:samba:3.0.1
-
cpe:2.3:a:samba:samba:3.0.2
-
cpe:2.3:a:samba:samba:3.0.2a