FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

samba -- remote file disclosure

Affected packages
samba < 2.2.12
3.* < samba <= 3.0.2a
3.*,1 < samba <= 3.0.2a_1,1
ja-samba < 2.2.11.j1.0_1

Details

VuXML ID: de16b056-132e-11d9-bc4a-000c41e2cdad
Discovery: 2004-09-30
Entry: 2004-09-30
Modified: 2008-09-26

According to a Samba Team security notice:

A security vulnerability has been located in Samba 2.2.x <= 2.2.11 and Samba 3.0.x <= 3.0.5. A remote attacker may be able to gain access to files which exist outside of the share's defined path. Such files must still be readable by the account used for the connection.

The original notice for CAN-2004-0815 indicated that Samba 3.0.x <= 3.0.5 was vulnerable to the security issue. After further research, Samba developers have confirmed that only Samba 3.0.2a and earlier releases contain the exploitable code.

References

CVE Name: CVE-2004-0815
URL: http://www.samba.org/samba/news/#security_2.2.12