Vulnerability Details : CVE-2001-1162
Directory traversal vulnerability in the %m macro in the smb.conf configuration file in Samba before 2.2.0a allows remote attackers to overwrite certain files via a .. in a NETBIOS name, which is used as the name for a .log file.
Vulnerability category: Directory traversal
Exploit prediction scoring system (EPSS) score for CVE-2001-1162
Probability of exploitation activity in the next 30 days: 1.93%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 87 %
CVSS scores for CVE-2001-1162
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
10.0 | HIGH | AV:N/AC:L/Au:N/C:C/I:C/A:C | 10.0 | 10.0 | NIST |
References for CVE-2001-1162
- http://www.redhat.com/support/errata/RHSA-2001-086.html
- http://us1.samba.org/samba/whatsnew/macroexploit.html
- https://exchange.xforce.ibmcloud.com/vulnerabilities/6731
- http://download.immunix.org/ImmunixOS/7.0/updates/IMNX-2001-70-027-01
- http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-062.php3
- http://ciac.llnl.gov/ciac/bulletins/l-105.shtml
- http://www.debian.org/security/2001/dsa-065
- http://www.securityfocus.com/bid/2928 (Exploit;Patch;Vendor Advisory)
- http://www.securityfocus.com/advisories/3423
- http://www.securityfocus.com/archive/1/193027 (Exploit;Patch;Vendor Advisory)
- http://www.calderasystems.com/support/security/advisories/CSSA-2001-024.0.txt
- ftp://patches.sgi.com/support/free/security/advisories/20011002-01-P
- http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000405
Products affected by CVE-2001-1162
- cpe:2.3:a:hp:cifs-9000_server:a.01.05:*:*:*:*:*:*:*
- cpe:2.3:a:hp:cifs-9000_server:a.01.06:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:2.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:2.0.7:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:2.0.9:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:2.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:2.0.8:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:2.0.6:*:*:*:*:*:*:*