Juniper Networks

Signature Detail


Short Name: SMB:EXPLOIT:SAMBA-DIR-TRAV
Severity: Medium
Recommended: No
Category: SMB
Keywords: Samba Directory Traversal
Release Date: 2004/10/13
Update Number: 1213
Supported Platforms: di-5.3+, idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+

SMB: Samba Directory Traversal


This signature detects SMB requests for pathnames that attempt to traverse the server root. Samba 3.0.5 and earlier versions are vulnerable. Malicious users can send "get", "put", and "dir" commands to a Samba server to access files outside the shared directories.

Extended Description

Samba is affected by a remote arbitrary file access vulnerability. The issue is due to a failure of the application to properly validate user-supplied file names. An attacker may leverage it to gain access to files outside of a Samba share's path on a vulnerable computer. Files obtained in this way may reveal sensitive information that aids further attacks against the computer.

Affected Products

  • Conectiva Linux 10.0.0
  • Conectiva Linux 9.0.0
  • HP HP-UX B.11.00
  • HP HP-UX B.11.11
  • HP HP-UX B.11.22
  • HP HP-UX B.11.23
  • HP MPE/iX 6.5.0
  • HP MPE/iX 7.0.0
  • HP MPE/iX 7.5.0
  • Mandriva Corporate Server 2.1.0
  • Mandriva Corporate Server 2.1.0 X86 64
  • Mandriva Linux Mandrake 9.2.0
  • Mandriva Linux Mandrake 9.2.0 amd64
  • Red Hat Linux 7.3.0
  • Red Hat Linux 7.3.0 I386
  • Red Hat Linux 7.3.0 I686
  • Red Hat Linux 9.0.0 I386
  • Samba 2.2.0 .0
  • Samba 2.2.0 .0A
  • Samba 2.2.0 A
  • Samba 2.2.11
  • Samba 2.2.1 A
  • Samba 2.2.2
  • Samba 2.2.3
  • Samba 2.2.3 A
  • Samba 2.2.4
  • Samba 2.2.5
  • Samba 2.2.6
  • Samba 2.2.7
  • Samba 2.2.7 A
  • Samba 2.2.8
  • Samba 2.2.8 A
  • Samba 2.2.9
  • Samba 3.0.0
  • Samba 3.0.0 Alpha
  • Samba 3.0.1
  • Samba 3.0.2
  • Samba 3.0.2 A
  • Sun Java Desktop System (JDS) 2.0.0
  • Sun Java Desktop System (JDS) 2003
  • SuSE Linux 8.1.0
  • SuSE Linux Desktop 1.0.0
  • SuSE Linux Personal 8.2.0
  • SuSE Linux Personal 9.0.0
  • SuSE SUSE Linux Enterprise Server 8

References

  • BugTraq: 11281
  • CVE: CVE-2004-0815
  • URL: http://www.idefense.com/application/poi/display?id=146&type=vulnerabilities

Copyright © 1999-2010 Juniper Networks, Inc. All rights reserved.