CVE-2004-0815 — Path Equivalence: '/./' (Single Dot Directory) in Samba

CWE-55 — Path Equivalence: '/./' (Single Dot Directory)CWE-41 — Improper Resolution of Path Equivalence CWE-182 — Collapse of Data into Unsafe Value9 documents7 sources

Severity

7.5HIGHNVD

EPSS

8.2%

top 7.77%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Samba Debian Samba

Timeline

PublishedNov 3

Latest updateApr 29

Description

The unix_clean_name function in Samba 2.2.x through 2.2.11, and 3.0.x before 3.0.2a, trims certain directory names down to absolute paths, which could allow remote attackers to bypass the specified share restrictions and read, write, or list arbitrary files via "/.////" style sequences in pathnames.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages3 packages

▶debiandebian/samba< samba 3.0.6-1 (bookworm)

▶Debiansamba/samba< 3.0.6-1+3

▶NVDsamba/samba20 versions+19

Patches

Patch: distro.conectiva.com.br ↗Patch: www.debian.org ↗Patch: www.securityfocus.com ↗

🔴Vulnerability Details

GHSA

GHSA-fmc4-f425-jjcv: The unix_clean_name function in Samba 2↗2022-04-29

▶

OSV

CVE-2004-0815: The unix_clean_name function in Samba 2↗2004-11-03

▶

📋Vendor Advisories

Red Hat

security flaw↗2004-09-30

▶

Debian

CVE-2004-0815: samba - The unix_clean_name function in Samba 2.2.x through 2.2.11, and 3.0.x before 3.0...↗2004

▶

📐Framework References

CWE

Path Equivalence: '/./' (Single Dot Directory)↗

▶

CWE

Improper Resolution of Path Equivalence↗

▶

CWE

Collapse of Data into Unsafe Value↗

▶

💬Community

Bugzilla

CVE-2004-0815 security flaw↗2018-08-16

▶