Vulnerability Details : CVE-2004-0815
The unix_clean_name function in Samba 2.2.x through 2.2.11, and 3.0.x before 3.0.2a, trims certain directory names down to absolute paths, which could allow remote attackers to bypass the specified share restrictions and read, write, or list arbitrary files via "/.////" style sequences in pathnames.
Exploit prediction scoring system (EPSS) score for CVE-2004-0815
Probability of exploitation activity in the next 30 days: 86.50%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 98 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2004-0815
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
7.5
|
HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
10.0
|
6.4
|
NIST |
References for CVE-2004-0815
-
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000873
Patch;Vendor Advisory
-
http://www.redhat.com/support/errata/RHSA-2004-498.html
-
http://sunsolve.sun.com/search/document.do?assetkey=1-66-200529-1
-
http://www.securityfocus.com/archive/1/377618
-
http://us4.samba.org/samba/news/#security_2.2.12
-
http://www.novell.com/linux/security/advisories/2004_35_samba.html
-
http://www.trustix.org/errata/2004/0051/
-
http://marc.info/?l=bugtraq&m=109655827913457&w=2
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/17556
-
http://www.debian.org/security/2004/dsa-600
Patch;Vendor Advisory
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-57664-1
-
https://bugzilla.fedora.us/show_bug.cgi?id=2102
-
http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:104
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-101584-1
-
http://www.idefense.com/application/poi/display?id=146&type=vulnerabilities&flashstatus=true
Exploit;Vendor Advisory
-
http://www.securityfocus.com/bid/11281
Patch;Vendor Advisory
Products affected by CVE-2004-0815
- cpe:2.3:a:samba:samba:2.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:2.2.4:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:2.2.5:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:2.2.6:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:2.2.2:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:2.2.3:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:2.2.1a:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:2.2.3a:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:2.2a:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:2.2.0a:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:2.2.7:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:2.2.7a:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:2.2.8:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.0.2a:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:2.2.11:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:2.2.8a:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:2.2.9:*:*:*:*:*:*:*