CVE-2001-1162
First published: Sat Jun 23 2001(Updated: )
Directory traversal vulnerability in the %m macro in the smb.conf configuration file in Samba before 2.2.0a allows remote attackers to overwrite certain files via a .. in a NETBIOS name, which is used as the name for a .log file.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Samba | =2.0.5 | |
| Samba | =2.0.6 | |
| Samba | =2.0.7 | |
| Samba | =2.0.8 | |
| Samba | =2.0.9 | |
| Samba | =2.2.0 | |
| HP CIFS/9000 Server | =a.01.05 | |
| HP CIFS/9000 Server | =a.01.06 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.securityfocus.com/archive/1/193027
- http://www.securityfocus.com/bid/2928
- http://us1.samba.org/samba/whatsnew/macroexploit.html
- http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-062.php3
- http://www.securityfocus.com/advisories/3423
- http://ciac.llnl.gov/ciac/bulletins/l-105.shtml
- http://download.immunix.org/ImmunixOS/7.0/updates/IMNX-2001-70-027-01
- http://www.calderasystems.com/support/security/advisories/CSSA-2001-024.0.txt
- http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000405
- http://www.redhat.com/support/errata/RHSA-2001-086.html
- http://www.debian.org/security/2001/dsa-065
- https://exchange.xforce.ibmcloud.com/vulnerabilities/6731
Frequently Asked Questions
What is the severity of CVE-2001-1162?
CVE-2001-1162 is considered a high severity vulnerability due to its potential to allow remote attackers to overwrite files.
How do I fix CVE-2001-1162?
To fix CVE-2001-1162, upgrade Samba to version 2.2.0a or later, where the vulnerability has been resolved.
What versions of Samba are affected by CVE-2001-1162?
CVE-2001-1162 affects Samba versions from 2.0.5 to 2.2.0, including various subversions of 2.0.x.
What type of attack does CVE-2001-1162 enable?
CVE-2001-1162 enables directory traversal attacks allowing remote attackers to overwrite log files.
Is CVE-2001-1162 related to any specific configuration file?
Yes, CVE-2001-1162 is related to the smb.conf configuration file within Samba.
- agent/type
- agent/references
- agent/remedy
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/weakness
- agent/author
- agent/severity
- agent/event
- agent/description
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-historical
- vendor/samba
- canonical/samba
- version/samba/2.0.5
- version/samba/2.0.6
- version/samba/2.0.7
- version/samba/2.0.8
- version/samba/2.0.9
- version/samba/2.2.0
- vendor/hp
- canonical/hp cifs/9000 server
- version/hp cifs/9000 server/a.01.05
- version/hp cifs/9000 server/a.01.06