CVE-2004-0815

{"id": "CVE-2004-0815", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": true, "userInteractionRequired": false}]}, "published": "2004-11-03T05:00:00.000", "references": [{"url": "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000873", "tags": ["Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://marc.info/?l=bugtraq&m=109655827913457&w=2", "source": "cve@mitre.org"}, {"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101584-1", "source": "cve@mitre.org"}, {"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-57664-1", "source": "cve@mitre.org"}, {"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-200529-1", "source": "cve@mitre.org"}, {"url": "http://us4.samba.org/samba/news/#security_2.2.12", "source": "cve@mitre.org"}, {"url": "http://www.debian.org/security/2004/dsa-600", "tags": ["Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.idefense.com/application/poi/display?id=146&type=vulnerabilities&flashstatus=true", "tags": ["Exploit", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:104", "source": "cve@mitre.org"}, {"url": "http://www.novell.com/linux/security/advisories/2004_35_samba.html", "source": "cve@mitre.org"}, {"url": "http://www.redhat.com/support/errata/RHSA-2004-498.html", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/archive/1/377618", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/11281", "tags": ["Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.trustix.org/errata/2004/0051/", "source": "cve@mitre.org"}, {"url": "https://bugzilla.fedora.us/show_bug.cgi?id=2102", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17556", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "The unix_clean_name function in Samba 2.2.x through 2.2.11, and 3.0.x before 3.0.2a, trims certain directory names down to absolute paths, which could allow remote attackers to bypass the specified share restrictions and read, write, or list arbitrary files via \"/.////\" style sequences in pathnames."}, {"lang": "es", "value": "La funci\u00f3n unix_clena_name en Samba 2.2.x a 2.2.11, y 3.0.x anterirores a 3.0.2a, recorta ciertos nombres de directorio a sus rutas absolutas, lo que podr\u00eda permitir a atacantes evitar la restricticiones de espeficadas de lectura, ejecuci\u00f3n y listado de carpetas compartidas mediante secuencias del estilo \"/.////\" en rutas."}], "lastModified": "2018-10-30T16:25:11.107", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:samba:samba:2.2.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "65AC9643-E1A5-4013-9607-17C6CC7CC63B"}, {"criteria": "cpe:2.3:a:samba:samba:2.2.0a:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "090E2541-2DBA-41CB-A792-9E703C797949"}, {"criteria": "cpe:2.3:a:samba:samba:2.2.1a:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "19F65FF3-71F8-4278-A823-A6E0FF65D9F1"}, {"criteria": "cpe:2.3:a:samba:samba:2.2.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8C71CB60-2689-4A4A-9509-E2F3135E6491"}, {"criteria": "cpe:2.3:a:samba:samba:2.2.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0129E404-3AE8-4F0E-89CB-7F2FA5B47011"}, {"criteria": "cpe:2.3:a:samba:samba:2.2.3a:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "614547F5-9C3F-489B-9B72-91B0FF646CCC"}, {"criteria": "cpe:2.3:a:samba:samba:2.2.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A052141C-874D-4ED0-99FB-D7468FACFC6E"}, {"criteria": "cpe:2.3:a:samba:samba:2.2.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9739EA65-9FA8-425E-B355-E690773D5B1B"}, {"criteria": "cpe:2.3:a:samba:samba:2.2.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3B618F94-DAC2-4A97-9F7F-8BCEA3199769"}, {"criteria": "cpe:2.3:a:samba:samba:2.2.7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EEE7C057-B024-4417-B572-5D396366620E"}, {"criteria": "cpe:2.3:a:samba:samba:2.2.7a:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "34DC3500-F8F0-46E1-B0AA-C2474CCB3DAA"}, {"criteria": "cpe:2.3:a:samba:samba:2.2.8:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CFCD334C-FB95-41A6-8F4C-FCC4E70CE930"}, {"criteria": "cpe:2.3:a:samba:samba:2.2.8a:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "75C86202-3150-440C-B048-BB039E9D3606"}, {"criteria": "cpe:2.3:a:samba:samba:2.2.9:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "98CAF474-0C3A-4E49-8CF8-9DF14D84CDCC"}, {"criteria": "cpe:2.3:a:samba:samba:2.2.11:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C92304DE-CFBB-4C03-AA7F-54DB3C14ECF0"}, {"criteria": "cpe:2.3:a:samba:samba:2.2a:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CC2AE5A9-62C5-4DCE-85B3-16F48695B3B4"}, {"criteria": "cpe:2.3:a:samba:samba:3.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F84FB25B-5EA5-48DC-B528-E8CCF714C919"}, {"criteria": "cpe:2.3:a:samba:samba:3.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "216145B7-4716-42F7-90DC-03884ECB2271"}, {"criteria": "cpe:2.3:a:samba:samba:3.0.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "898968E5-577E-4B86-A804-EBEC67157A61"}, {"criteria": "cpe:2.3:a:samba:samba:3.0.2a:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "920EF846-41D1-429D-AF0F-3D7950F93069"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}