How to Buy
This script is Copyright (C) 2004-2014 Tenable Network Security, Inc.
The remote Red Hat host is missing one or more security updates.
Updated samba packages that fix an input validation vulnerability are
Samba provides file and printer sharing services to SMB/CIFS clients.
Karol Wiesek discovered an input validation issue in Samba prior to
3.0.6. An authenticated user could send a carefully crafted request to
the Samba server, which would allow access to files outside of the
configured file share. Note: Such files would have to be readable by
the account used for the connection. The Common Vulnerabilities and
Exposures project (cve.mitre.org) has assigned the name CVE-2004-0815
to this issue.
This issue does not affect Red Hat Enterprise Linux 3 as a previous
erratum updated to Samba 3.0.6 which is not vulnerable to this issue.
Users of Samba should upgrade to these updated packages, which contain
an upgrade to Samba-2.2.12, which is not vulnerable to this issue.
See also :
Update the affected packages.
Risk factor :
High / CVSS Base Score : 7.5
Family: Red Hat Local Security Checks
Nessus Plugin ID: 15428 ()
CVE ID: CVE-2004-0815
Nessus Professional: Scan unlimited IPs, run compliance checks & moreNessus Cloud: The power of Nessus for teams – from the cloud
The cookie settings on this website are set to 'allow all cookies' to give you the very best website experience. If you continue without changing these settings, you consent to this - but if you want, you can opt out of all cookies by clicking below.