CVE-2004-0815 Information
Description
The unix_clean_name function in Samba 2.2.x through 2.2.11 and 3.0.x before 3.0.2a trims certain directory names down to absolute paths, which could allow remote attackers to bypass the specified share restrictions and read, write, or list arbitrary files via "/.////" style sequences in pathnames.
Reference
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000873
http://marc.info/?l=bugtraq&m=109655827913457&w=2
http://sunsolve.sun.com/search/document.do?assetkey=1-26-101584-1
http://sunsolve.sun.com/search/document.do?assetkey=1-26-57664-1
http://sunsolve.sun.com/search/document.do?assetkey=1-66-200529-1
http://us4.samba.org/samba/news/security_2.2.12
http://www.debian.org/security/2004/dsa-600
http://www.idefense.com/application/poi/display?id=146&type=vulnerabilities&flashstatus=true
http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:104
http://www.novell.com/linux/security/advisories/2004_35_samba.html
http://www.redhat.com/support/errata/RHSA-2004-498.html
http://www.securityfocus.com/archive/1/377618
http://www.securityfocus.com/bid/11281
http://www.trustix.org/errata/2004/0051/
https://bugzilla.fedora.us/show_bug.cgi?id=2102
https://exchange.xforce.ibmcloud.com/vulnerabilities/17556