CVE

CVE-2006-1863

Date: (C)2006-04-25   (M)2023-12-22

Directory traversal vulnerability in CIFS in Linux 2.6.16 and earlier allows local users to escape chroot restrictions for an SMB-mounted filesystem via "..\" sequences, a similar vulnerability to CVE-2006-1864.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 2.1
Exploit Score: 3.9
Impact Score: 2.9
CVSS V2 Metrics:
Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE
Confidentiality: PARTIAL
Integrity: NONE
Availability: NONE

Reference:

BID-17742

SECUNIA-19868

2006-0024

SECUNIA-20398

SECUNIA-20914

SECUNIA-21614

OSVDB-25068

ADV-2006-1542

ADV-2006-2554

DSA-1103

MDKSA-2006:150

MDKSA-2006:151

RHBA-2007-0304

SUSE-SA:2006:028

http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=296034f7de8bdf111984ce1630ac598a9c94a253

http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.16.11

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=189434

kernel-cifs-directory-traversal(26141)

oval:org.mitre.oval:def:10383