Samba MS-DOS Path Request Arbitrary File Retrieval

medium Nessus Plugin ID 15394

Synopsis

The remote file server allows access to arbitrary files.

Description

According to its version number, the remote Samba server is affected by a flaw that allows an attacker to access arbitrary files that exist outside of the share's defined path. An attacker needs a valid account to exploit this flaw.

Solution

Upgrade to Samba 2.2.12 / 3.0.7 or later.

See Also

http://www.nessus.org/u?3c682015

https://seclists.org/bugtraq/2004/Sep/458

https://seclists.org/bugtraq/2004/Oct/48

Plugin Details

Severity: Medium

ID: 15394

File Name: samba_arbitrary_file_access.nasl

Version: 1.23

Type: remote

Family: Misc.

Published: 9/30/2004

Updated: 11/15/2018

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.5

CVSS v2

Risk Factor: Medium

Base Score: 6.5

Temporal Score: 4.8

Vector: CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P

Vulnerability Information

CPE: cpe:/a:samba:samba

Required KB Items: SMB/NativeLanManager

Exploit Ease: No known exploits are available

Vulnerability Publication Date: 9/30/2004

Reference Information

CVE: CVE-2004-0815

BID: 11216, 11281