Summary: | net-fs/samba arbitrary file access [DSA-600] | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Marc Vila <marc.vila> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED INVALID | ||
Severity: | normal | ||
Priority: | High | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | http://www.debian.org/security/2004/dsa-600 | ||
Whiteboard: | |||
Package list: | Runtime testing required: | --- |
Description
Marc Vila
2004-10-07 07:06:39 UTC
Security Notice -- CVE CAN-2004-0815

A security vulnerability has been located in Samba 2.2.x <= 2.2.11 and Samba 3.0.x <= 3.0.5. A remote attacker may be able to gain access to files which exist outside of the share's defined path. Such files must still be readable by the account used for the connection.

This may be a duplicate.

ERRATA: Security Notice -- CVE CAN-2004-0815

The original notice for CAN-2004-0815 indicated that Samba 3.0.x <= 3.0.5 was vulnerable to the security issue. After further research, Samba developers have confirmed that only Samba 3.0.2a and earlier releases contain the exploitable code.

A new patch for Samba 3.0.2a and earlier (signature) has been posted.

http://us1.samba.org/samba/ftp/patches/security/samba-3.0.2a-reduce_name.patch

Not sure if we issued a GLSA for this one. Closing because none of the vulnerable versions are in portage.

Yes, we already force >=3.0.5 and >=3.0.7 other GLSAs so everything is more than covered.