Juniper Networks

Signature Detail


Short Name: SMB:EXPLOIT:SAMBA-DIR-TRAV
Severity: Minor
Recommended: No
Category: SMB
Keywords: Samba Directory Traversal
Release Date: 2004/10/13
Update Number: 1213
Supported Platforms: di-5.3+, idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+

SMB: Samba Directory Traversal


This signature detects SMB requests for pathnames that attempt to traverse the server root. Samba 3.0.5 and earlier versions are vulnerable. Malicious users can send "get", "put", and "dir" commands to a Samba server to access files outside the shared directories.

Extended Description

Samba is affected by a remote arbitrary file access vulnerability. This issue is due to a failure of the application to properly validate user-supplied file names. An attacker may leverage this issue to gain access to files outside of a Samba share's path on a vulnerable computer. Files obtained in this way may reveal sensitive information that aids further attacks against the computer.

Affected Products

  • Conectiva linux 10.0.0
  • Conectiva linux 9.0.0
  • Hp hp-ux B.11.00
  • Hp hp-ux B.11.11
  • Hp hp-ux B.11.22
  • Hp hp-ux B.11.23
  • Hp mpe/ix 6.5.0
  • Hp mpe/ix 7.0.0
  • Hp mpe/ix 7.5.0
  • Mandriva corporate_server 2.1.0
  • Mandriva corporate_server 2.1.0 X86 64
  • Mandriva linux_mandrake 9.2.0
  • Mandriva linux_mandrake 9.2.0 amd64
  • Red_hat linux 7.3.0
  • Red_hat linux 7.3.0 I386
  • Red_hat linux 7.3.0 I686
  • Red_hat linux 9.0.0 I386
  • Samba samba 2.2.0 .0
  • Samba samba 2.2.0 .0A
  • Samba samba 2.2.0 A
  • Samba samba 2.2.11
  • Samba samba 2.2.1 A
  • Samba samba 2.2.2
  • Samba samba 2.2.3
  • Samba samba 2.2.3 A
  • Samba samba 2.2.4
  • Samba samba 2.2.5
  • Samba samba 2.2.6
  • Samba samba 2.2.7
  • Samba samba 2.2.7 A
  • Samba samba 2.2.8
  • Samba samba 2.2.8 A
  • Samba samba 2.2.9
  • Samba samba 3.0.0
  • Samba samba 3.0.0 Alpha
  • Samba samba 3.0.1
  • Samba samba 3.0.2
  • Samba samba 3.0.2 A
  • Sun java_desktop_system_(jds) 2.0.0
  • Sun java_desktop_system_(jds) 2003
  • Suse linux 8.1.0
  • Suse linux_desktop 1.0.0
  • Suse linux_personal 8.2.0
  • Suse linux_personal 9.0.0
  • Suse suse_linux_enterprise_server 8

References

  • BugTraq: 11281
  • CVE: CVE-2004-0815
  • URL: http://www.idefense.com/application/poi/display?id=146&type=vulnerabilities

Copyright © 1999-2010 Juniper Networks, Inc. All rights reserved.