Lucene search
Debian Security Bug TrackerDEBIANCVE:CVE-2004-0815HistoryNov 03, 2004 - 5:00 a.m.
CVE-2004-0815
2004-11-0305:00:00
Debian Security Bug Tracker
security-tracker.debian.org
12
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.865 High
EPSS
Percentile
98.6%
The unix_clean_name function in Samba 2.2.x through 2.2.11, and 3.0.x before 3.0.2a, trims certain directory names down to absolute paths, which could allow remote attackers to bypass the specified share restrictions and read, write, or list arbitrary files via “/.////” style sequences in pathnames.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Debian | 12 | all | samba | < 3.0.6-1 | samba_3.0.6-1_all.deb |
| Debian | 11 | all | samba | < 3.0.6-1 | samba_3.0.6-1_all.deb |
| Debian | 10 | all | samba | < 3.0.6-1 | samba_3.0.6-1_all.deb |
| Debian | 999 | all | samba | < 3.0.6-1 | samba_3.0.6-1_all.deb |
| Debian | 13 | all | samba | < 3.0.6-1 | samba_3.0.6-1_all.deb |
Related
openvas
openvas
HP-UX Update for CIFS Samba Server HPSBUX01086
2009-05-05 00:00:00
Debian Security Advisory DSA 600-1 (samba)
2008-01-17 00:00:00
FreeBSD Ports: samba
2008-09-04 00:00:00
nessus
nessus
Samba MS-DOS Path Request Arbitrary File Retrieval
2004-09-30 00:00:00
SUSE-SA:2004:035: samba
2004-10-05 00:00:00
Debian DSA-600-1 : samba - arbitrary file access
2004-11-10 00:00:00
cve
cve
CVE-2004-0815
2004-11-03 05:00:00
CVE-2004-0910
2004-11-03 05:00:00
samba
samba
Potential Arbitrary File Access
2004-09-30 00:00:00
securityvulns
securityvulns
ERRATA: Potential Arbitrary File Access (CAN-2004-0815)
2004-10-06 00:00:00
debian
debian
[SECURITY] [DSA 600-1] New samba packages fix arbitrary file access
2004-10-07 07:45:17
[SECURITY] [DSA 600-1] New samba packages fix arbitrary file access
2004-10-07 07:45:17
redhat
redhat
(RHSA-2004:498) samba security update
2004-10-04 00:00:00
osv
osv
samba - arbitrary file access
2004-10-07 00:00:00
freebsd
freebsd
samba -- remote file disclosure
2004-09-30 00:00:00
suse
suse
remote file disclosure in samba
2004-10-05 14:57:32
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.865 High
EPSS
Percentile
98.6%
Related for DEBIANCVE:CVE-2004-0815