7.5
CVE-2004-0815
- EPSS 4.89%
- Veröffentlicht 03.11.2004 05:00:00
- Zuletzt bearbeitet 16.06.2026 22:06:26
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
The unix_clean_name function in Samba 2.2.x through 2.2.11, and 3.0.x before 3.0.2a, trims certain directory names down to absolute paths, which could allow remote attackers to bypass the specified share restrictions and read, write, or list arbitrary files via "/.////" style sequences in pathnames.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 4.89% | 0.909 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 10 | 6.4 |
AV:N/AC:L/Au:N/C:P/I:P/A:P
|
http://sunsolve.sun.com/search/document.do?assetkey=1-26-101584-1
http://sunsolve.sun.com/search/document.do?assetkey=1-26-57664-1
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000873
http://marc.info/?l=bugtraq&m=109655827913457&w=2
http://sunsolve.sun.com/search/document.do?assetkey=1-66-200529-1
http://us4.samba.org/samba/news/#security_2.2.12
http://www.debian.org/security/2004/dsa-600
http://www.idefense.com/application/poi/display?id=146&type=vulnerabilities&flashstatus=true
http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:104
http://www.novell.com/linux/security/advisories/2004_35_samba.html
http://www.redhat.com/support/errata/RHSA-2004-498.html
http://www.securityfocus.com/archive/1/377618
http://www.securityfocus.com/bid/11281
http://www.trustix.org/errata/2004/0051/
https://bugzilla.fedora.us/show_bug.cgi?id=2102
https://exchange.xforce.ibmcloud.com/vulnerabilities/17556