Lucene search
+L

FreeBSD Security Advisory (FreeBSD-SA-06:16.smbfs.asc)

🗓️ 04 Sep 2008 00:00:00Reported by Copyright (C) 2008 E-Soft Inc.Type 
openvas
 openvas
🔗 plugins.openvas.org👁 15 Views

FreeBSD-SA-06:16.smbfs.asc - smbfs path sanitization vulnerability

Related
Refs
Code
ReporterTitlePublishedViews
Family
FreeBSD
smbfs -- chroot escape
31 May 200600:00
freebsd
CVE
CVE-2006-2654
2 Jun 200601:00
cve
Cvelist
CVE-2006-2654
2 Jun 200601:00
cvelist
EUVD
EUVD-2006-2653
7 Oct 202500:30
euvd
FreeBSD Advisory
FreeBSD-SA-06:16.smbfs
31 May 200600:00
freebsd_advisory
NVD
CVE-2006-2654
2 Jun 200601:02
nvd
OpenVAS
FreeBSD Security Advisory (FreeBSD-SA-06:16.smbfs.asc)
4 Sep 200800:00
openvas
Prion
Directory traversal
2 Jun 200601:02
prion
securityvulns
FreeBSD Security Advisory FreeBSD-SA-06:16.smbfs
2 Jun 200600:00
securityvulns
# SPDX-FileCopyrightText: 2008 E-Soft Inc.
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only

if(description)
{
  script_oid("1.3.6.1.4.1.25623.1.0.56852");
  script_version("2023-07-26T05:05:09+0000");
  script_tag(name:"last_modification", value:"2023-07-26 05:05:09 +0000 (Wed, 26 Jul 2023)");
  script_tag(name:"creation_date", value:"2008-09-04 20:41:11 +0200 (Thu, 04 Sep 2008)");
  script_cve_id("CVE-2006-2654");
  script_tag(name:"cvss_base", value:"6.4");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:P/I:P/A:N");
  script_name("FreeBSD Security Advisory (FreeBSD-SA-06:16.smbfs.asc)");
  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (C) 2008 E-Soft Inc.");
  script_family("FreeBSD Local Security Checks");
  script_dependencies("gather-package-list.nasl");
  script_mandatory_keys("ssh/login/freebsd", "ssh/login/freebsdpatchlevel");

  script_tag(name:"insight", value:"smbfs is a network file-system used to access file servers using the
SMB/CIFS protocol.  chroot(2) is system call designed to limit a
process's access to a particular subset of a file-system.

smbfs does not properly sanitize paths containing a backslash
character. In particular the directory name '..\' is interpreted as
the parent directory by the SMB/CIFS server, but smbfs handles it in
the same manner as any other directory.");

  script_tag(name:"solution", value:"Upgrade your system to the appropriate stable release
  or security branch dated after the correction date.");

  script_xref(name:"URL", value:"https://secure1.securityspace.com/smysecure/catid.html?in=FreeBSD-SA-06:16.smbfs.asc");

  script_tag(name:"summary", value:"The remote host is missing an update to the system
  as announced in the referenced advisory FreeBSD-SA-06:16.smbfs.asc");

  script_tag(name:"qod_type", value:"package");
  script_tag(name:"solution_type", value:"VendorFix");

  exit(0);
}

include("pkg-lib-bsd.inc");

vuln = FALSE;

if(patchlevelcmp(rel:"6.1", patchlevel:"1")<0) {
  vuln = TRUE;
}
if(patchlevelcmp(rel:"6.0", patchlevel:"8")<0) {
  vuln = TRUE;
}
if(patchlevelcmp(rel:"5.5", patchlevel:"1")<0) {
  vuln = TRUE;
}
if(patchlevelcmp(rel:"5.4", patchlevel:"15")<0) {
  vuln = TRUE;
}
if(patchlevelcmp(rel:"5.3", patchlevel:"30")<0) {
  vuln = TRUE;
}
if(patchlevelcmp(rel:"4.11", patchlevel:"18")<0) {
  vuln = TRUE;
}
if(patchlevelcmp(rel:"4.10", patchlevel:"24")<0) {
  vuln = TRUE;
}

if(vuln) {
  security_message(port:0);
} else if (__pkg_match) {
  exit(99);
}

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

26 Jul 2023 00:00Current
7.1High risk
Vulners AI Score7.1
CVSS 26.4
EPSS0.02751
15