CVE-2004-0815
Samba 2.2.x-2.2.11 and 3.0.x < 3.0.2a - Path Traversal via Absolute Path Bypass
The unix_clean_name function in Samba 2.2.x through 2.2.11, and 3.0.x before 3.0.2a, trims certain directory names down to absolute paths, which could allow remote attackers to bypass the specified share restrictions and read, write, or list arbitrary files via "/.////" style sequences in pathnames.
References (16)
Core References
Vendor Advisory (vendor-advisory, x_refsource_trustix): http://www.trustix.org/errata/2004/0051/
Various Sources (x_refsource_confirm): http://us4.samba.org/samba/news/#security_2.2.12
Vendor Advisory (vendor-advisory, x_refsource_sunalert): http://sunsolve.sun.com/search/document.do?assetkey=1-66-200529-1
Mailing List (mailing-list, x_refsource_bugtraq): http://marc.info/?l=bugtraq&m=109655827913457&w=2
Issue Tracking (vendor-advisory, x_refsource_fedora): https://bugzilla.fedora.us/show_bug.cgi?id=2102
Exploit, Vendor Advisory (third-party-advisory, x_refsource_idefense): http://www.idefense.com/application/poi/display?id=146&type=vulnerabilities&flashstatus=true
Third Party Advisory, VDB Entry (mailing-list, x_refsource_bugtraq): http://www.securityfocus.com/archive/1/377618
Patch, Vendor Advisory (vendor-advisory, x_refsource_debian): http://www.debian.org/security/2004/dsa-600
Vendor Advisory (vendor-advisory, x_refsource_redhat): http://www.redhat.com/support/errata/RHSA-2004-498.html
Patch, Vendor Advisory (vendor-advisory, x_refsource_conectiva): http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000873
Patch, Vendor Advisory (vdb-entry, x_refsource_bid): http://www.securityfocus.com/bid/11281
Various Sources (vendor-advisory, x_refsource_mandrake): http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:104
Vendor Advisory (vendor-advisory, x_refsource_sunalert): http://sunsolve.sun.com/search/document.do?assetkey=1-26-57664-1
Vendor Advisory (vendor-advisory, x_refsource_sunalert): http://sunsolve.sun.com/search/document.do?assetkey=1-26-101584-1
Vendor Advisory (vendor-advisory, x_refsource_suse): http://www.novell.com/linux/security/advisories/2004_35_samba.html
Third Party Advisory, VDB Entry (vdb-entry, x_refsource_xf): https://exchange.xforce.ibmcloud.com/vulnerabilities/17556
Scores
EPSS: 0.0822
EPSS Percentile: 92.3%
Details
Status: published
Products (20)
samba/samba 2.2.0
samba/samba 2.2.0a
samba/samba 2.2.1a
samba/samba 2.2.2
samba/samba 2.2.3
samba/samba 2.2.3a
samba/samba 2.2.4
samba/samba 2.2.5
samba/samba 2.2.6
samba/samba 2.2.7
... and 10 more
Published: Nov 03, 2004
Tracked Since: Feb 18, 2026