SUSE-SA:2004:035: samba

high Nessus Plugin ID 15423

Synopsis

The remote host is missing a vendor-supplied security patch

Description

The remote host is missing the patch for the advisory SUSE-SA:2004:035 (samba).


The Samba server, which allows to share files and resources via the SMB/CIFS protocol, contains a bug in the sanitation code of path names which allows remote attackers to access files outside of the defined share. In order to access these files, they must be readable by the account used for the SMB session.
CVE-2004-0815 has been assigned to this issue.

Solution

http://www.suse.de/security/2004_35_samba.html

Plugin Details

Severity: High

ID: 15423

File Name: suse_SA_2004_035.nasl

Version: 1.11

Agent: unix

Published: 10/5/2004

Updated: 1/14/2021

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.5

CVSS v2

Risk Factor: High

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

Required KB Items: Host/SuSE/rpm-list

Reference Information

CVE: CVE-2004-0815