A vulnerability has been discovered in samba, a commonly used LanManager-like file and printer server for Unix. A remote attacker may be able to gain access to files which exist outside of the share's defined path. Such files must still be readable by the account used for the connection, though. CAN-2004-0815 http://www.debian.org/security/2004/dsa-600 Reproducible: Always
Security Notice -- CVE CAN-2004-0815 A security vulnerability has been located in Samba 2.2.x <= 2.2.11 and Samba 3.0.x <= 3.0.5. A remote attacker may be able to gain access to files which exist outside of the share's defined path. Such files must still be readable by the account used for the connection. This may be a duplicate.
ERRATA: Security Notice -- CVE CAN-2004-0815 The original notice for CAN-2004-0815 indicated that Samba 3.0.x <= 3.0.5 was vulnerable to the security issue. After further research, Samba developers have confirmed that only Samba 3.0.2a and earlier releases contain the exploitable code. A new patch for Samba 3.0.2a and earlier (signature) has been posted. http://us1.samba.org/samba/ftp/patches/security/samba-3.0.2a-reduce_name.patch
Not sure if we issued a GLSA for this one. Closing because none of the vulnerable versions are in portage.
Yes, we already force >=3.0.5 and >=3.0.7 in other GLSAs, so everything is more than covered.