published date: June 23, 2001

CVE-2001-1162 : Directory Traversal Vulnerability

Description

Directory traversal vulnerability in the %m macro in the smb.conf configuration file in Samba before 2.2.0a allows remote attackers to overwrite certain files via a .. in a NETBIOS name, which is used as the name for a .log file.

Product(s):

HP CIFS_9000 Server A.01.05
HP CIFS_9000 Server A.01.06
Samba 2.0.5
Samba 2.0.5a
Samba 2.0.6
Samba 2.0.7
Samba 2.0.8
Samba 2.0.9
Samba 2.2.0
Samba 2.2.0a

CVSS:10 [Critical]
EPSS:30.17%
Exploitability:10
In KEV:No

Question to Ask Vendors:

Can you confirm whether your systems are affected by CVE-2001-1162, and if so, what steps are you currently taking to mitigate this vulnerability?
What is your estimated timeline for fully resolving CVE-2001-1162 in your products or services, and how will you communicate updates on this issue to us as your customer?

Recommended Actions:

Check out the advisory links provided below.

References:

https://nvd.nist.gov/vuln/detail/CVE-2001-1162

READY TO GET RESULTS YOU CAN TRUST?

Get a Demo Contact Sales