CVE-2009-2813

medium

Description

Samba 3.4 before 3.4.2, 3.3 before 3.3.8, 3.2 before 3.2.15, and 3.0.12 through 3.0.36, as used in the SMB subsystem in Apple Mac OS X 10.5.8 when Windows File Sharing is enabled, Fedora 11, and other operating systems, does not properly handle errors in resolving pathnames, which allows remote authenticated users to bypass intended sharing restrictions, and read, create, or modify files, in certain circumstances involving user accounts that lack home directories.

References

http://lists.apple.com/archives/security-announce/2009/Sep/msg00004.html

http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00004.html

http://marc.info/?l=bugtraq&m=126514298313071&w=2

http://news.samba.org/releases/3.0.37/

http://news.samba.org/releases/3.2.15/

http://news.samba.org/releases/3.3.8/

http://news.samba.org/releases/3.4.2/

http://osvdb.org/57955

http://secunia.com/advisories/36701

http://secunia.com/advisories/36893

http://secunia.com/advisories/36918

http://secunia.com/advisories/36937

http://secunia.com/advisories/36953

http://secunia.com/advisories/37428

http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.561439

http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021111.1-1

http://support.apple.com/kb/HT3865

http://wiki.rpath.com/Advisories:rPSA-2009-0145

http://www.samba.org/samba/security/CVE-2009-2813.html

http://www.securityfocus.com/archive/1/507856/100/0/threaded

http://www.securityfocus.com/bid/36363

http://www.ubuntu.com/usn/USN-839-1

http://www.vupen.com/english/advisories/2009/2810

https://exchange.xforce.ibmcloud.com/vulnerabilities/53174

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7211

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7257

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7791

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9191

https://www.redhat.com/archives/fedora-package-announce/2009-October/msg00095.html

https://www.redhat.com/archives/fedora-package-announce/2009-October/msg00098.html

Details

Source: MITRE

Published: 2009-09-14

Updated: 2018-10-10

Type: CWE-264

Risk Information

CVSS v2

Base Score: 6

Vector: AV:N/AC:M/Au:S/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 6.8

Severity: MEDIUM