Samba 3.4 before 3.4.2, 3.3 before 3.3.8, 3.2 before 3.2.15, and 3.0.12 through 3.0.36, as used in the SMB subsystem in Apple Mac OS X 10.5.8 when Windows File Sharing is enabled, Fedora 11, and other operating systems, does not properly handle errors in resolving pathnames, which allows remote authenticated users to bypass intended sharing restrictions, and read, create, or modify files, in certain circumstances involving user accounts that lack home directories.
http://lists.apple.com/archives/security-announce/2009/Sep/msg00004.html
http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00004.html
http://marc.info/?l=bugtraq&m=126514298313071&w=2
http://news.samba.org/releases/3.0.37/
http://news.samba.org/releases/3.2.15/
http://news.samba.org/releases/3.3.8/
http://news.samba.org/releases/3.4.2/
http://secunia.com/advisories/36701
http://secunia.com/advisories/36893
http://secunia.com/advisories/36918
http://secunia.com/advisories/36937
http://secunia.com/advisories/36953
http://secunia.com/advisories/37428
http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.561439
http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021111.1-1
http://support.apple.com/kb/HT3865
http://wiki.rpath.com/Advisories:rPSA-2009-0145
http://www.samba.org/samba/security/CVE-2009-2813.html
http://www.securityfocus.com/archive/1/507856/100/0/threaded
http://www.securityfocus.com/bid/36363
http://www.ubuntu.com/usn/USN-839-1
http://www.vupen.com/english/advisories/2009/2810
https://exchange.xforce.ibmcloud.com/vulnerabilities/53174
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7211
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7257
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7791
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9191
https://www.redhat.com/archives/fedora-package-announce/2009-October/msg00095.html
https://www.redhat.com/archives/fedora-package-announce/2009-October/msg00098.html