Vulnerability Description
The unix_clean_name function in Samba 2.2.x through 2.2.11, and 3.0.x before 3.0.2a, trims certain directory names down to absolute paths, which could allow remote attackers to bypass the specified share restrictions and read, write, or list arbitrary files via "/.////" style sequences in pathnames.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Samba | Samba | 2.2.0 |
References
- http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000873PatchVendor Advisory
- http://marc.info/?l=bugtraq&m=109655827913457&w=2
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-101584-1
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-57664-1
- http://sunsolve.sun.com/search/document.do?assetkey=1-66-200529-1
- http://us4.samba.org/samba/news/#security_2.2.12
- http://www.debian.org/security/2004/dsa-600PatchVendor Advisory
- http://www.idefense.com/application/poi/display?id=146&type=vulnerabilities&flasExploitVendor Advisory
- http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:104
- http://www.novell.com/linux/security/advisories/2004_35_samba.html
- http://www.redhat.com/support/errata/RHSA-2004-498.html
- http://www.securityfocus.com/archive/1/377618
- http://www.securityfocus.com/bid/11281PatchVendor Advisory
- http://www.trustix.org/errata/2004/0051/
- https://bugzilla.fedora.us/show_bug.cgi?id=2102
FAQ
What is CVE-2004-0815?
CVE-2004-0815 is a vulnerability with a CVSS score of 7.5 (HIGH). The unix_clean_name function in Samba 2.2.x through 2.2.11, and 3.0.x before 3.0.2a, trims certain directory names down to absolute paths, which could allow remote attackers to bypass the specified sh...
How severe is CVE-2004-0815?
CVE-2004-0815 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2004-0815?
Check the references section above for vendor advisories and patch information. Affected products include: Samba Samba.