CVE Reference: CVE-2004-0815
NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia nor the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE:
CVE-2004-0815

Description:
The unix_clean_name function in Samba 2.2.x through 2.2.11, and 3.0.x before 3.0.2a, trims certain directory names down to absolute paths, which could allow remote attackers to bypass the specified share restrictions and read, write, or list arbitrary files via "/.////" style sequences in pathnames.

CVE Status:
Candidate

References:

XF
  http://xforce.iss.net/xforce/xfdb/17556

TRUSTIX
  http://www.trustix.org/errata/2004/0051/

SUSE
  http://www.novell.com/linux/security/advisories/2004_35_samba.html

SUNALERT
  http://sunsolve.sun.com/search/document.do?assetkey=1-26-57664-1
  http://sunsolve.sun.com/search/document.do?assetkey=1-26-101584-1

REDHAT
  http://www.redhat.com/support/errata/RHSA-2004-498.html

MANDRAKE
  http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:104

IDEFENSE
  http://www.idefense.com/application/poi/display?id=146&type=vulnerabilities&flashstatus=true

FEDORA

DEBIAN
  http://www.debian.org/security/2004/dsa-600

CONFIRM
  http://us4.samba.org/samba/news/#security_2.2.12

CONECTIVA
  http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000873

BUGTRAQ
  http://www.securityfocus.com/archive/1/377618
  http://marc.theaimsgroup.com/?l=bugtraq&m=109655827913457&w=2

BID
  11281

