DescriptionThe unix_clean_name function in Samba 2.2.x through 2.2.11, and 3.0.x before 3.0.2a, trims certain directory names down to absolute paths, which could allow remote attackers to bypass the specified share restrictions and read, write, or list arbitrary files via "/.////" style sequences in pathnames.
Overall state of this security issue: Resolved
This issue is currently rated as having important severity.
|National Vulnerability Database|
- SUSE-SA:2004:035, published Tuesday, Oct 5th 2004 16:53:01 MEST