CVE-2004-0815
Severity Score
7.5
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
1
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
The unix_clean_name function in Samba 2.2.x through 2.2.11, and 3.0.x before 3.0.2a, trims certain directory names down to absolute paths, which could allow remote attackers to bypass the specified share restrictions and read, write, or list arbitrary files via "/.////" style sequences in pathnames.
La función unix_clena_name en Samba 2.2.x a 2.2.11, y 3.0.x anterirores a 3.0.2a, recorta ciertos nombres de directorio a sus rutas absolutas, lo que podría permitir a atacantes evitar la restricticiones de espeficadas de lectura, ejecución y listado de carpetas compartidas mediante secuencias del estilo "/.////" en rutas.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2004-08-25 CVE Reserved
- 2004-10-07 CVE Published
- 2023-09-23 EPSS Updated
- 2024-08-08 CVE Updated
- 2024-08-08 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
CAPEC
References (18)
| URL | Tag | Source |
|---|---|---|
| http://marc.info/?l=bugtraq&m=109655827913457&w=2 | Mailing List | |
| http://us4.samba.org/samba/news/#security_2.2.12 | X_refsource_confirm | |
| http://www.securityfocus.com/archive/1/377618 | Mailing List | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/17556 | Vdb Entry |
| URL | Date | SRC |
|---|---|---|
| http://www.idefense.com/application/poi/display?id=146&type=vulnerabilities&flashstatus=true | 2024-08-08 |
| URL | Date | SRC |
|---|---|---|
| http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000873 | 2018-10-30 | |
| http://www.debian.org/security/2004/dsa-600 | 2018-10-30 | |
| http://www.securityfocus.com/bid/11281 | 2018-10-30 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Samba Search vendor "Samba" | Samba Search vendor "Samba" for product "Samba" | 2.2.0 Search vendor "Samba" for product "Samba" and version "2.2.0" | - |
Affected
| ||||||
| Samba Search vendor "Samba" | Samba Search vendor "Samba" for product "Samba" | 2.2.0a Search vendor "Samba" for product "Samba" and version "2.2.0a" | - |
Affected
| ||||||
| Samba Search vendor "Samba" | Samba Search vendor "Samba" for product "Samba" | 2.2.1a Search vendor "Samba" for product "Samba" and version "2.2.1a" | - |
Affected
| ||||||
| Samba Search vendor "Samba" | Samba Search vendor "Samba" for product "Samba" | 2.2.2 Search vendor "Samba" for product "Samba" and version "2.2.2" | - |
Affected
| ||||||
| Samba Search vendor "Samba" | Samba Search vendor "Samba" for product "Samba" | 2.2.3 Search vendor "Samba" for product "Samba" and version "2.2.3" | - |
Affected
| ||||||
| Samba Search vendor "Samba" | Samba Search vendor "Samba" for product "Samba" | 2.2.3a Search vendor "Samba" for product "Samba" and version "2.2.3a" | - |
Affected
| ||||||
| Samba Search vendor "Samba" | Samba Search vendor "Samba" for product "Samba" | 2.2.4 Search vendor "Samba" for product "Samba" and version "2.2.4" | - |
Affected
| ||||||
| Samba Search vendor "Samba" | Samba Search vendor "Samba" for product "Samba" | 2.2.5 Search vendor "Samba" for product "Samba" and version "2.2.5" | - |
Affected
| ||||||
| Samba Search vendor "Samba" | Samba Search vendor "Samba" for product "Samba" | 2.2.6 Search vendor "Samba" for product "Samba" and version "2.2.6" | - |
Affected
| ||||||
| Samba Search vendor "Samba" | Samba Search vendor "Samba" for product "Samba" | 2.2.7 Search vendor "Samba" for product "Samba" and version "2.2.7" | - |
Affected
| ||||||
| Samba Search vendor "Samba" | Samba Search vendor "Samba" for product "Samba" | 2.2.7a Search vendor "Samba" for product "Samba" and version "2.2.7a" | - |
Affected
| ||||||
| Samba Search vendor "Samba" | Samba Search vendor "Samba" for product "Samba" | 2.2.8 Search vendor "Samba" for product "Samba" and version "2.2.8" | - |
Affected
| ||||||
| Samba Search vendor "Samba" | Samba Search vendor "Samba" for product "Samba" | 2.2.8a Search vendor "Samba" for product "Samba" and version "2.2.8a" | - |
Affected
| ||||||
| Samba Search vendor "Samba" | Samba Search vendor "Samba" for product "Samba" | 2.2.9 Search vendor "Samba" for product "Samba" and version "2.2.9" | - |
Affected
| ||||||
| Samba Search vendor "Samba" | Samba Search vendor "Samba" for product "Samba" | 2.2.11 Search vendor "Samba" for product "Samba" and version "2.2.11" | - |
Affected
| ||||||
| Samba Search vendor "Samba" | Samba Search vendor "Samba" for product "Samba" | 2.2a Search vendor "Samba" for product "Samba" and version "2.2a" | - |
Affected
| ||||||
| Samba Search vendor "Samba" | Samba Search vendor "Samba" for product "Samba" | 3.0.0 Search vendor "Samba" for product "Samba" and version "3.0.0" | - |
Affected
| ||||||
| Samba Search vendor "Samba" | Samba Search vendor "Samba" for product "Samba" | 3.0.1 Search vendor "Samba" for product "Samba" and version "3.0.1" | - |
Affected
| ||||||
| Samba Search vendor "Samba" | Samba Search vendor "Samba" for product "Samba" | 3.0.2 Search vendor "Samba" for product "Samba" and version "3.0.2" | - |
Affected
| ||||||
| Samba Search vendor "Samba" | Samba Search vendor "Samba" for product "Samba" | 3.0.2a Search vendor "Samba" for product "Samba" and version "3.0.2a" | - |
Affected
| ||||||