Vulnerability Name: CVE-2004-0815 (CCN-17556) Assigned: 2004-09-30 Published: 2004-09-30 Updated: 2018-10-30 Summary: The unix_clean_name function in Samba 2.2.x through 2.2.11, and 3.0.x before 3.0.2a, trims certain directory names down to absolute paths, which could allow remote attackers to bypass the specified share restrictions and read, write, or list arbitrary files via "/.////" style sequences in pathnames. CVSS v3 Severity: 7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L )Exploitability Metrics: Attack Vector (AV): NetworkAttack Complexity (AC): LowPrivileges Required (PR): NoneUser Interaction (UI): NoneScope: Scope (S): UnchangedImpact Metrics: Confidentiality (C): LowIntegrity (I): LowAvailibility (A): Low
CVSS v2 Severity: 7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P )Exploitability Metrics: Access Vector (AV): NetworkAccess Complexity (AC): LowAuthentication (Au): NoneImpact Metrics: Confidentiality (C): PartialIntegrity (I): PartialAvailibility (A): Partial
7.5 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P )Exploitability Metrics: Access Vector (AV): NetworkAccess Complexity (AC): LowAthentication (Au): NoneImpact Metrics: Confidentiality (C): PartialIntegrity (I): PartialAvailibility (A): Partial
Vulnerability Type: CWE-Other Vulnerability Consequences: Gain Access References: Source: CCN Type: BugTraq Mailing List, Tue Oct 05 2004 - 15:34:21 CDTERRATA: Potential Arbitrary File Access (CAN-2004-0815) Source: MITRE Type: CNACVE-2004-0815 Source: CONECTIVA Type: Patch, Vendor AdvisoryCLA-2004:873 Source: CCN Type: Conectiva Linux Security Announcement CLSA-2004:873Fix for samba vulnerabilities Source: BUGTRAQ Type: UNKNOWN20040930 Samba Security Announcement -- Potential Arbitrary File Access Source: CCN Type: RHSA-2004-498samba security update Source: SUNALERT Type: UNKNOWN101584 Source: SUNALERT Type: UNKNOWN57664 Source: CCN Type: Sun Alert ID: 57694Security Vulnerability When Samba Trims Certain Directory Names Down to Absolute Paths Source: SUNALERT Type: UNKNOWN200529 Source: CCN Type: Samba Security Announcement 30 September 2004Security Notice -- CVE CAN-2004-0815 Source: CONFIRM Type: UNKNOWNhttp://us4.samba.org/samba/news/#security_2.2.12 Source: CCN Type: CIAC Information Bulletin P-044Arbitrary File Access Vulnerability Source: DEBIAN Type: Patch, Vendor AdvisoryDSA-600 Source: DEBIAN Type: DSA-600samba -- arbitrary file access Source: IDEFENSE Type: Exploit, Vendor Advisory20040930 Samba Arbitrary File Access Vulnerability Source: CCN Type: Trustix Secure Linux Security Advisory #2004-0051access files outside of defined path Source: MANDRAKE Type: UNKNOWNMDKSA-2004:104 Source: SUSE Type: UNKNOWNSUSE-SA:2004:035 Source: REDHAT Type: UNKNOWNRHSA-2004:498 Source: BUGTRAQ Type: UNKNOWN20041005 ERRATA: Potential Arbitrary File Access (CAN-2004-0815) Source: BID Type: Patch, Vendor Advisory11281 Source: CCN Type: BID-11281Samba Remote Arbitrary File Access Vulnerability Source: TRUSTIX Type: UNKNOWN2004-0051 Source: FEDORA Type: UNKNOWNFLSA:2102 Source: XF Type: UNKNOWNsamba-file-access(17556) Source: XF Type: UNKNOWNsamba-file-access(17556) Source: SUSE Type: SUSE-SA:2004:035samba: remote file disclosure Vulnerable Configuration: Configuration 1 :cpe:/a:samba:samba:2.2.0:*:*:*:*:*:*:* OR cpe:/a:samba:samba:2.2.0a:*:*:*:*:*:*:* OR cpe:/a:samba:samba:2.2.1a:*:*:*:*:*:*:* OR cpe:/a:samba:samba:2.2.2:*:*:*:*:*:*:* OR cpe:/a:samba:samba:2.2.3:*:*:*:*:*:*:* OR cpe:/a:samba:samba:2.2.3a:*:*:*:*:*:*:* OR cpe:/a:samba:samba:2.2.4:*:*:*:*:*:*:* OR cpe:/a:samba:samba:2.2.5:*:*:*:*:*:*:* OR cpe:/a:samba:samba:2.2.6:*:*:*:*:*:*:* OR cpe:/a:samba:samba:2.2.7:*:*:*:*:*:*:* OR cpe:/a:samba:samba:2.2.7a:*:*:*:*:*:*:* OR cpe:/a:samba:samba:2.2.8:*:*:*:*:*:*:* OR cpe:/a:samba:samba:2.2.8a:*:*:*:*:*:*:* OR cpe:/a:samba:samba:2.2.9:*:*:*:*:*:*:* OR cpe:/a:samba:samba:2.2.11:*:*:*:*:*:*:* OR cpe:/a:samba:samba:2.2a:*:*:*:*:*:*:* OR cpe:/a:samba:samba:3.0.0:*:*:*:*:*:*:* OR cpe:/a:samba:samba:3.0.1:*:*:*:*:*:*:* OR cpe:/a:samba:samba:3.0.2:*:*:*:*:*:*:* OR cpe:/a:samba:samba:3.0.2a:*:*:*:*:*:*:* Configuration CCN 1 :cpe:/a:samba:samba:2.2.2:*:*:*:*:*:*:* OR cpe:/a:samba:samba:2.2.3:*:*:*:*:*:*:* OR cpe:/a:samba:samba:2.2.4:*:*:*:*:*:*:* OR cpe:/a:samba:samba:2.2.5:*:*:*:*:*:*:* OR cpe:/a:samba:samba:2.2.6:*:*:*:*:*:*:* OR cpe:/a:samba:samba:2.2.8:*:*:*:*:*:*:* OR cpe:/a:samba:samba:3.0.1:*:*:*:*:*:*:* OR cpe:/a:samba:samba:3.0.2:*:*:*:*:*:*:* OR cpe:/a:samba:samba:2.2a:*:*:*:*:*:*:* OR cpe:/a:samba:samba:2.2.0a:*:*:*:*:*:*:* OR cpe:/a:samba:samba:2.2.0:*:*:*:*:*:*:* OR cpe:/a:samba:samba:2.2.1a:*:*:*:*:*:*:* OR cpe:/a:samba:samba:2.2.3a:*:*:*:*:*:*:* OR cpe:/a:samba:samba:2.2.7a:*:*:*:*:*:*:* OR cpe:/a:samba:samba:2.2.7:*:*:*:*:*:*:* OR cpe:/a:samba:samba:3.0.2a:*:*:*:*:*:*:* OR cpe:/a:samba:samba:2.2.8a:*:*:*:*:*:*:* OR cpe:/a:samba:samba:2.2.9:*:*:*:*:*:*:* OR cpe:/a:samba:samba:2.2.11:*:*:*:*:*:*:* OR cpe:/a:samba:samba:3.0.0:*:*:*:*:*:*:* AND cpe:/o:hp:hp-ux:11.00:*:*:*:*:*:*:* OR cpe:/o:hp:hp-ux:11.11:*:*:*:*:*:*:* OR cpe:/o:trustix:secure_linux:1.5:*:*:*:*:*:*:* OR cpe:/o:debian:debian_linux:3.0:*:*:*:*:*:*:* OR cpe:/o:hp:hp-ux:11.22:*:*:*:*:*:*:* OR cpe:/o:suse:suse_linux:8.1:*:*:*:*:*:*:* OR cpe:/o:suse:linux_enterprise_server:8:*:*:*:*:*:*:* OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:2.1:*:*:*:*:*:*:* OR cpe:/o:redhat:enterprise_linux:2.1:*:as:*:*:*:*:* OR cpe:/o:redhat:enterprise_linux:2.1:*:es:*:*:*:*:* OR cpe:/o:redhat:enterprise_linux:2.1:*:ws:*:*:*:*:* OR cpe:/o:suse:suse_linux:8.2:*:*:*:*:*:*:* OR cpe:/o:conectiva:linux:9.0:*:*:*:*:*:*:* OR cpe:/o:trustix:secure_linux:2.0:*:*:*:*:*:*:* OR cpe:/o:hp:hp-ux:11.23:*:*:*:*:*:*:* OR cpe:/o:suse:suse_linux:9.0:*:*:*:*:*:*:* OR cpe:/o:mandrakesoft:mandrake_linux:9.2:*:*:*:*:*:*:* OR cpe:/o:conectiva:linux:10:*:*:*:*:*:*:* OR cpe:/o:redhat:linux_advanced_workstation:2.1::itanium:*:*:*:*:* OR cpe:/o:mandrakesoft:mandrake_linux:9.2::amd64:*:*:*:*:* OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:2.1::x86_64:*:*:*:*:* Denotes that component is vulnerable Oval Definitions BACK
samba samba 2.2.0
samba samba 2.2.0a
samba samba 2.2.1a
samba samba 2.2.2
samba samba 2.2.3
samba samba 2.2.3a
samba samba 2.2.4
samba samba 2.2.5
samba samba 2.2.6
samba samba 2.2.7
samba samba 2.2.7a
samba samba 2.2.8
samba samba 2.2.8a
samba samba 2.2.9
samba samba 2.2.11
samba samba 2.2a
samba samba 3.0.0
samba samba 3.0.1
samba samba 3.0.2
samba samba 3.0.2a
samba samba 2.2.2
samba samba 2.2.3
samba samba 2.2.4
samba samba 2.2.5
samba samba 2.2.6
samba samba 2.2.8
samba samba 3.0.1
samba samba 3.0.2
samba samba 2.2a
samba samba 2.2.0a
samba samba 2.2.0
samba samba 2.2.1a
samba samba 2.2.3a
samba samba 2.2.7a
samba samba 2.2.7
samba samba 3.0.2a
samba samba 2.2.8a
samba samba 2.2.9
samba samba 2.2.11
samba samba 3.0.0
hp hp-ux 11.00
hp hp-ux 11.11
trustix secure linux 1.5
debian debian linux 3.0
hp hp-ux 11.22
suse suse linux 8.1
suse linux enterprise server 8
mandrakesoft mandrake linux corporate server 2.1
redhat enterprise linux 2.1
redhat enterprise linux 2.1
redhat enterprise linux 2.1
suse suse linux 8.2
conectiva linux 9.0
trustix secure linux 2.0
hp hp-ux 11.23
suse suse linux 9.0
mandrakesoft mandrake linux 9.2
conectiva linux 10
redhat linux advanced workstation 2.1
mandrakesoft mandrake linux 9.2
mandrakesoft mandrake linux corporate server 2.1