CVE-2004-0815

critical

Description

The unix_clean_name function in Samba 2.2.x through 2.2.11, and 3.0.x before 3.0.2a, trims certain directory names down to absolute paths, which could allow remote attackers to bypass the specified share restrictions and read, write, or list arbitrary files via "/.////" style sequences in pathnames.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/17556

https://bugzilla.fedora.us/show_bug.cgi?id=2102

http://www.trustix.org/errata/2004/0051/

http://www.securityfocus.com/bid/11281

http://www.securityfocus.com/archive/1/377618

http://www.redhat.com/support/errata/RHSA-2004-498.html

http://www.novell.com/linux/security/advisories/2004_35_samba.html

http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:104

http://www.debian.org/security/2004/dsa-600

http://us4.samba.org/samba/news/#security_2.2.12

http://sunsolve.sun.com/search/document.do?assetkey=1-66-200529-1

http://sunsolve.sun.com/search/document.do?assetkey=1-26-57664-1

http://sunsolve.sun.com/search/document.do?assetkey=1-26-101584-1

http://marc.info/?l=bugtraq&m=109655827913457&w=2

http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000873

Details

Source: Mitre, NVD

Published: 2004-11-03

Updated: 2018-10-30

Risk Information

CVSS v2

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Severity: High

CVSS v3

Base Score: 9.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Severity: Critical