CyberSec.Space Logo
Back to CVE Browser

CVE-2001-1162

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.0310%
EPSS Percentile29.69th
PublishedJun 23, 2001
Last ModifiedApr 16, 2026

Vulnerability Description

Directory traversal vulnerability in the %m macro in the smb.conf configuration file in Samba before 2.2.0a allows remote attackers to overwrite certain files via a .. in a NETBIOS name, which is used as the name for a .log file.

Affected Platforms (CPE)

πŸ“¦
Samba

Samba

= 2.0.5
πŸ“¦
Samba

Samba

= 2.0.6
πŸ“¦
Samba

Samba

= 2.0.7
πŸ“¦
Samba

Samba

= 2.0.8
πŸ“¦
Samba

Samba

= 2.0.9
πŸ“¦
Samba

Samba

= 2.2.0
πŸ“¦
Hp

Cifs 9000 Server

= a.01.05
πŸ“¦
Hp

Cifs 9000 Server

= a.01.06

References & Advisories

πŸ”— ftp://patches.sgi.com/support/free/security/advisories/20011002-01-P
πŸ”— http://ciac.llnl.gov/ciac/bulletins/l-105.shtml
πŸ”— http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000405
πŸ”— http://download.immunix.org/ImmunixOS/7.0/updates/IMNX-2001-70-027-01
πŸ”— http://us1.samba.org/samba/whatsnew/macroexploit.html
πŸ”— http://www.calderasystems.com/support/security/advisories/CSSA-2001-024.0.txt
πŸ”— http://www.debian.org/security/2001/dsa-065
πŸ”— http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-062.php3

Related Vulnerabilities

CVE-2001-098110.0

HP CIFS/9000 Server (SAMBA) A.01.07 and earlier with the "unix password sync" option enabled calls the passwd program without spec...

CVE-1999-018210.0

Samba has a buffer overflow which allows a remote attacker to obtain root access by specifying a long password.

CVE-1999-081010.0

Denial of service in Samba NETBIOS name service daemon (nmbd).

CVE-2003-019610.0

Multiple buffer overflows in Samba before 2.2.8a may allow remote attackers to execute arbitrary code or cause a denial of service...