Lucene search
SuseSUSE-SA:2004:035HistoryOct 05, 2004 - 2:57 p.m.
remote file disclosure in samba
2004-10-0514:57:32
lists.opensuse.org
18
0.965 High
EPSS
Percentile
99.5%
The Samba server, which allows to share files and resources via the SMB/CIFS protocol, contains a bug in the sanitation code of path names which allows remote attackers to access files outside of the defined share. In order to access these files, they must be readable by the account used for the SMB session. CAN-2004-0815 has been assigned to this issue.
Solution
As a temporary workaround you can set the wide links = no option in smb.conf and restart the samba server. However an update is recommended nevertheless.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| openSUSE | 8.1 | i586 | samba | < 2.2.8a-224 | samba-2.2.8a-224.i586.rpm |
| openSUSE | 8.2 | i586 | samba | < 2.2.8a-225 | samba-2.2.8a-225.i586.rpm |
| openSUSE | 9.0 | x86_64 | samba | < 2.2.8a-226 | samba-2.2.8a-226.x86_64.rpm |
| openSUSE | 9.0 | i586 | samba | < 2.2.8a-226 | samba-2.2.8a-226.i586.rpm |
Related
nessus
nessus
Slackware 10.0 / 9.1 / current : Mozilla (SSA:2004-223-01)
2005-07-13 00:00:00
RHEL 2.1 / 3 : mozilla (RHSA-2004:421)
2004-08-05 00:00:00
Mandrake Linux Security Advisory : mozilla (MDKSA-2004:082)
2004-08-22 00:00:00
openvas
openvas
Slackware Advisory SSA:2004-223-01 Mozilla
2012-09-11 00:00:00
Slackware: Security Advisory (SSA:2004-223-01)
2012-09-10 00:00:00
SLES9: Security update for Mozilla
2009-10-10 00:00:00
slackware
slackware
[slackware-security] Mozilla
2004-08-10 21:17:12
libpng
2004-08-09 20:40:50
[slackware-security] imagemagick
2004-08-10 21:26:39
redhat
redhat
(RHSA-2004:421) mozilla security update
2004-08-04 00:00:00
(RHSA-2004:402) libpng security update
2004-08-04 00:00:00
(RHSA-2004:498) samba security update
2004-10-04 00:00:00
suse
suse
remote DoS condition in apache2
2004-09-06 13:51:41
remote code execution in cups
2004-09-15 14:45:26
various vulnerabilities in mozilla
2004-10-06 13:11:21
securityvulns
securityvulns
[ GLSA 200408-22 ] Mozilla, Firefox, Thunderbird: New releases fix vulnerabilities
2004-08-25 00:00:00
US-CERT Technical Cyber Security Alert TA04-217A -- Multiple Vulnerabilities in libpng
2004-08-05 00:00:00
CESA-2004-001: libpng
2004-08-05 00:00:00
gentoo
gentoo
Mozilla, Firefox, Thunderbird, Galeon, Epiphany: New releases fix vulnerabilities
2004-08-23 00:00:00
libpng: Numerous vulnerabilities
2004-08-05 00:00:00
f5
f5
SOL4009 - Vulnerabilities in libpng - CAN-2004-0597, CAN-2004-0598, CAN-2004-0599
2007-05-16 00:00:00
Vulnerabilities in libpng - CAN-2004-0597, CAN-2004-0598, CAN-2004-0599
2007-05-17 04:00:00
freebsd
freebsd
libpng stack-based buffer overflow and other code concerns
2004-08-04 00:00:00
mozilla -- automated file upload
2004-04-28 00:00:00
mozilla -- POP client heap overflow
2004-07-22 00:00:00
cert
cert
libpng contains integer overflows in progressive display image reading
2004-08-04 00:00:00
libpng png_handle_sPLT() integer overflow
2004-08-04 00:00:00
libpng png_handle_iCCP() NULL pointer dereference
2004-08-04 00:00:00
osv
osv
libpng - several vulnerabilities
2004-08-04 00:00:00
libpng3 - buffer overflows, integer overflow
2004-10-20 00:00:00
libpng - integer overflow
2004-10-20 00:00:00
debian
debian
cve
cve
ubuntucve
ubuntucve
checkpoint_advisories
checkpoint_advisories
Mozilla SOAPParameter Integer Overflow (CVE-2004-0722)
2010-03-15 00:00:00
Mozilla Firefox onunload SSL Certificate Spoofing (CVE-2004-0763)
2009-11-19 00:00:00
libpng Transparency Chunk Length Buffer Overflow (CVE-2004-0597)
2010-02-21 00:00:00
samba
samba
Potential Arbitrary File Access
2004-09-30 00:00:00
debiancve
debiancve
CVE-2004-0815
2004-11-03 05:00:00
coresecurity
coresecurity
MSN Messenger PNG Image Parsing Vulnerability
2005-02-08 00:00:00