Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2001-1162

Overview

Vulnerability Score 10.0 10.0
CVE Id CVE-2001-1162
Last Modified 05 Sep 2008 04:25:50
Published 23 Jun 2001 12:00:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2001-1162

Summary

Directory traversal vulnerability in the %m macro in the smb.conf configuration file in Samba before 2.2.0a allows remote attackers to overwrite certain files via a .. in a NETBIOS name, which is used as the name for a .log file.

Vulnerable Systems

Application

  • Hp Cifs-9000 Server A.01.05

  • Hp Cifs-9000 Server A.01.06

  • Samba 2.0.5

  • Samba 2.0.6

  • Samba 2.0.7

  • Samba 2.0.8

  • Samba 2.0.9

  • Samba 2.2.0


References

XF - samba-netbios-file-creation(6731)

BID - 2928

BUGTRAQ - 20010623 smbd remote file creation vulnerability

CONFIRM - http://us1.samba.org/samba/whatsnew/macroexploit.html

HP - HPSBUX0107-157

REDHAT - RHSA-2001:086

MANDRAKE - MDKSA-2001-062

DEBIAN - DSA-065

CALDERA - CSSA-2001-024.0

IMMUNIX - IMNX-2001-70-027-01

CONECTIVA - CLA-2001:405

CIAC - L-105

SGI - 20011002-01-P


Last Updated: 27 May 2016 10:36:32