CVE-2004-0815 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2004-0815 Interim 1 4 2023-12-09T02:24:42Z current 2021-05-30T12:30:36Z 2023-12-09T02:24:42Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2004-0815 The unix_clean_name function in Samba 2.2.x through 2.2.11, and 3.0.x before 3.0.2a, trims certain directory names down to absolute paths, which could allow remote attackers to bypass the specified share restrictions and read, write, or list arbitrary files via "/.////" style sequences in pathnames. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/FA2YG3LJMMFHXGD3MIMTOHLMUTXTSWNP/#FA2YG3LJMMFHXGD3MIMTOHLMUTXTSWNP E-Mail link for SUSE-SA:2004:035 https://www.suse.com/support/security/rating/ SUSE Security Ratings The unix_clean_name function in Samba 2.2.x through 2.2.11, and 3.0.x before 3.0.2a, trims certain directory names down to absolute paths, which could allow remote attackers to bypass the specified share restrictions and read, write, or list arbitrary files via "/.////" style sequences in pathnames. CVE-2004-0815 important 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P