CVE-2001-1162

Published: 23/06/2001 Updated: 10/10/2017
CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10
VMScore: 1000
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Summary

Directory traversal vulnerability in the %m macro in the smb.conf configuration file in Samba prior to 2.2.0a allows remote malicious users to overwrite certain files via a .. in a NETBIOS name, which is used as the name for a .log file.

Vulnerable Product

samba samba 2.0.9

samba samba 2.2.0

samba samba 2.0.7

samba samba 2.0.8

samba samba 2.0.5

samba samba 2.0.6

hp cifs-9000 server a.01.05

hp cifs-9000 server a.01.06

Vendor Advisories

Michal Zalewski discovered that Samba does not properly validate NetBIOS names from remote machines. By itself that is not a problem, except if Samba is configured to write log-files to a file that includes the NetBIOS name of the remote side by using the `%m' macro in the `log file' command. In that case an attacker could use a NetBIOS name like ' ...

Exploits

source: www.securityfocus.com/bid/2928/info

Samba is a freely available file and printer sharing application maintained and developed by the Samba Development Team. Samba allows file and printer sharing between operating systems on the Unix and Microsoft platforms. A remote local user can write arbitrary files on the Samba server, as the s ...