PT-2001-1067 · Samba+1 · Samba+4
Published: 2001-06-23 · Updated: 2021-03-25 · CVE-2001-1162
CVSS v2.0: 10 (High)
| Vector | AV:N/AC:L/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
Samba versions prior to 2.2.0a
Samba-swat version 2.0.10
Samba-common version 2.0.10
Samba-client version 2.0.10
Description
The issue concerns multiple vulnerabilities in Samba packages, which can lead to breaches of confidentiality, integrity, and availability of protected information. These vulnerabilities can be exploited remotely. A directory traversal vulnerability exists in the handling of the %m macro in the smb.conf configuration file: remote attackers can overwrite certain files by placing a ".." sequence in a NetBIOS name that is used as the name for a .log file.
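Added example (not part of the original advisory and not Samba's own code): a Python sketch of why substituting %m verbatim lets a ".." in the client name move the log path out of the log directory, together with an allow-list check and an audit of smb.conf text for `log file` settings that use %m. The template `/var/log/samba/%m.log`, the log directory, the function names and the sample configuration are assumptions constructed for illustration.

```python
import posixpath
import re

# Assumed values: the advisory only says %m is used to name a .log file.
LOG_DIR = "/var/log/samba"
LOG_TEMPLATE = LOG_DIR + "/%m.log"
# Conservative allow-list for a client-supplied NetBIOS name (at most 15 chars).
SAFE_NAME = re.compile(r"[A-Za-z0-9_-]{1,15}")

def expand_naive(template, client_name):
    """Substitute %m verbatim, with no validation of the client name."""
    return template.replace("%m", client_name)

def escapes_log_dir(path, log_dir=LOG_DIR):
    """True if the normalised path resolves outside log_dir."""
    resolved = posixpath.normpath(path)
    return not resolved.startswith(log_dir.rstrip("/") + "/")

def expand_checked(template, client_name, log_dir=LOG_DIR):
    """Expand %m only for allow-listed names, then re-check containment."""
    if not SAFE_NAME.fullmatch(client_name):
        raise ValueError("rejected client name: %r" % client_name)
    path = expand_naive(template, client_name)
    if escapes_log_dir(path, log_dir):
        raise ValueError("log path leaves %s" % log_dir)
    return path

def audit_conf(text):
    """Return (line number, value) for each 'log file' setting that uses %m."""
    hits = []
    for number, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line[0] in "#;" or "=" not in line:
            continue
        key, value = line.split("=", 1)
        # smb.conf ignores case and whitespace in parameter names.
        if re.sub(r"\s+", "", key).lower() == "logfile" and "%m" in value:
            hits.append((number, value.strip()))
    return hits

# Constructed sample configuration (not taken from the advisory).
SAMPLE_CONF = "\n".join([
    "[global]",
    "   workgroup = EXAMPLE",
    "   ; log file = /var/log/samba/%m.log",
    "   Log File = /var/log/samba/%m.log",
    "   max log size = 50",
])
```

Running `audit_conf` over a deployed smb.conf shows whether the host depends on %m for log naming at all; hosts that do are the ones to prioritise for the 2.2.0a update.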
Recommendations
For Samba versions prior to 2.2.0a, update to version 2.2.0a or later to resolve the issue.
For Samba-swat version 2.0.10, consider disabling the vulnerable components until a patch is available.
For Samba-common version 2.0.10, restrict access to the vulnerable modules to minimize the risk of exploitation.
For Samba-client version 2.0.10, avoid using the vulnerable client functionality until the issue is resolved.
As a temporary workaround, consider restricting access to the smb.conf configuration file to prevent remote attackers from exploiting the directory traversal vulnerability.
Affected products
Alt Linux
Samba
Samba-Client
Samba-Common
Samba-Swat