NVD脆弱性詳細

CVE-2006-1864

概要	Directory traversal vulnerability in smbfs in Linux 2.6.16 and earlier allows local users to escape chroot restrictions for an SMB-mounted filesystem via "..\\" sequences, a similar vulnerability to CVE-2006-1863.
公表日	2006年4月27日3:06
登録日	2021年1月29日15:35
最終更新日	2018年10月19日1:36

CVSS2.0 : MEDIUM
スコア	4.6
ベクター	AV:L/AC:L/Au:N/C:P/I:P/A:P
攻撃元区分(AV)	ローカル
攻撃条件の複雑さ(AC)	低
攻撃前の認証要否(Au)	不要
機密性への影響(C)	低
完全性への影響(I)	低
可用性への影響(A)	低
全ての特権を取得	いいえ
ユーザー権限を取得	いいえ
その他の権限を取得	はい
ユーザー操作が必要	いいえ

影響を受けるソフトウェアの構成

構成1	以上	以下	より上	未満
cpe:2.3:o:linux:linux_kernel:2.6.16:::::::*
cpe:2.3:o:linux:linux_kernel:2.6.16:rc1::::::
cpe:2.3:o:linux:linux_kernel:2.6.16:rc2::::::
cpe:2.3:o:linux:linux_kernel:2.6.16:rc3::::::
cpe:2.3:o:linux:linux_kernel:2.6.16:rc4::::::
cpe:2.3:o:linux:linux_kernel:2.6.16:rc5::::::
cpe:2.3:o:linux:linux_kernel:2.6.16:rc6::::::
cpe:2.3:o:linux:linux_kernel:2.6.16.1:::::::*
cpe:2.3:o:linux:linux_kernel:2.6.16.2:::::::*
cpe:2.3:o:linux:linux_kernel:2.6.16.3:::::::*
cpe:2.3:o:linux:linux_kernel:2.6.16.4:::::::*
cpe:2.3:o:linux:linux_kernel:2.6.16.7:::::::*
cpe:2.3:o:linux:linux_kernel:2.6.16.8:::::::*
cpe:2.3:o:linux:linux_kernel:2.6.16_rc7:::::::*

関連情報、対策とツール

No	URL	refsource	タグ
1	http://secunia.com/advisories/19869	SECUNIA
2	http://secunia.com/advisories/20237	SECUNIA
3	http://secunia.com/advisories/20398	SECUNIA
4	http://secunia.com/advisories/20671	SECUNIA
5	http://secunia.com/advisories/20716	SECUNIA
6	http://secunia.com/advisories/20914	SECUNIA
7	http://secunia.com/advisories/21035	SECUNIA
8	http://secunia.com/advisories/21476	SECUNIA
9	http://secunia.com/advisories/21614	SECUNIA
10	http://secunia.com/advisories/21745	SECUNIA
11	http://secunia.com/advisories/22497	SECUNIA
12	http://secunia.com/advisories/22875	SECUNIA
13	http://secunia.com/advisories/23064	SECUNIA
14	http://support.avaya.com/elmodocs2/security/ASA-2006-161.htm	CONFIRM
15	http://support.avaya.com/elmodocs2/security/ASA-2006-254.htm	CONFIRM
16	http://www.debian.org/security/2006/dsa-1097	DEBIAN
17	http://www.debian.org/security/2006/dsa-1103	DEBIAN
18	http://www.mandriva.com/security/advisories?name=MDKSA-2006:150	MANDRIVA
19	http://www.mandriva.com/security/advisories?name=MDKSA-2006:151	MANDRIVA
20	http://www.novell.com/linux/security/advisories/2006-05-31.html	SUSE
21	http://www.osvdb.org/25067	OSVDB
22	http://www.redhat.com/support/errata/RHSA-2006-0493.html	REDHAT
23	http://www.redhat.com/support/errata/RHSA-2006-0579.html	REDHAT
24	http://www.redhat.com/support/errata/RHSA-2006-0580.html	REDHAT
25	http://www.redhat.com/support/errata/RHSA-2006-0710.html	REDHAT
26	http://www.securityfocus.com/archive/1/451404/100/0/threaded	BUGTRAQ
27	http://www.securityfocus.com/archive/1/451417/100/200/threaded	BUGTRAQ
28	http://www.securityfocus.com/archive/1/451419/100/200/threaded	BUGTRAQ
29	http://www.securityfocus.com/archive/1/451426/100/200/threaded	BUGTRAQ
30	http://www.securityfocus.com/bid/17735	BID
31	http://www.trustix.org/errata/2006/0026	TRUSTIX
32	http://www.ubuntu.com/usn/usn-302-1	UBUNTU
33	http://www.vmware.com/download/esx/esx-202-200610-patch.html	CONFIRM
34	http://www.vmware.com/download/esx/esx-213-200610-patch.html	CONFIRM
35	http://www.vmware.com/download/esx/esx-254-200610-patch.html	CONFIRM
36	http://www.vupen.com/english/advisories/2006/2554	VUPEN
37	http://www.vupen.com/english/advisories/2006/4502	VUPEN
38	https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=189435	CONFIRM	Exploit
39	https://exchange.xforce.ibmcloud.com/vulnerabilities/26137	XF
40	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11327	OVAL

共通脆弱性一覧

構成1	以上	以下	より上	未満
cpe:2.3:o:linux:linux_kernel:2.6.16:::::::*
cpe:2.3:o:linux:linux_kernel:2.6.16:rc1::::::
cpe:2.3:o:linux:linux_kernel:2.6.16:rc2::::::
cpe:2.3:o:linux:linux_kernel:2.6.16:rc3::::::
cpe:2.3:o:linux:linux_kernel:2.6.16:rc4::::::
cpe:2.3:o:linux:linux_kernel:2.6.16:rc5::::::
cpe:2.3:o:linux:linux_kernel:2.6.16:rc6::::::
cpe:2.3:o:linux:linux_kernel:2.6.16.1:::::::*
cpe:2.3:o:linux:linux_kernel:2.6.16.2:::::::*
cpe:2.3:o:linux:linux_kernel:2.6.16.3:::::::*
cpe:2.3:o:linux:linux_kernel:2.6.16.4:::::::*
cpe:2.3:o:linux:linux_kernel:2.6.16.7:::::::*
cpe:2.3:o:linux:linux_kernel:2.6.16.8:::::::*
cpe:2.3:o:linux:linux_kernel:2.6.16_rc7:::::::*