CVSS2

Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | MEDIUM |
Authentication | SINGLE |
Confidentiality Impact | PARTIAL |
Integrity Impact | PARTIAL |
Availability Impact | PARTIAL |

AV:N/AC:M/Au:S/C:P/I:P/A:P

AI Score
Confidence: High

EPSS
Percentile: 80.1%

Samba 3.4 before 3.4.2, 3.3 before 3.3.8, 3.2 before 3.2.15, and 3.0.12 through 3.0.36, as used in the SMB subsystem in Apple Mac OS X 10.5.8 when Windows File Sharing is enabled, Fedora 11, and other operating systems, does not properly handle errors in resolving pathnames, which allows remote authenticated users to bypass intended sharing restrictions, and read, create, or modify files, in certain circumstances involving user accounts that lack home directories.
Vendor | Product | Version | CPE |
---|---|---|---|
samba | samba | 3.0.12 | cpe:2.3:a:samba:samba:3.0.12:*:*:*:*:*:*:* |
samba | samba | 3.0.13 | cpe:2.3:a:samba:samba:3.0.13:*:*:*:*:*:*:* |
samba | samba | 3.0.14 | cpe:2.3:a:samba:samba:3.0.14:*:*:*:*:*:*:* |
samba | samba | 3.0.14a | cpe:2.3:a:samba:samba:3.0.14a:*:*:*:*:*:*:* |
samba | samba | 3.0.15 | cpe:2.3:a:samba:samba:3.0.15:*:*:*:*:*:*:* |
samba | samba | 3.0.16 | cpe:2.3:a:samba:samba:3.0.16:*:*:*:*:*:*:* |
samba | samba | 3.0.17 | cpe:2.3:a:samba:samba:3.0.17:*:*:*:*:*:*:* |
samba | samba | 3.0.18 | cpe:2.3:a:samba:samba:3.0.18:*:*:*:*:*:*:* |
samba | samba | 3.0.19 | cpe:2.3:a:samba:samba:3.0.19:*:*:*:*:*:*:* |
samba | samba | 3.0.20 | cpe:2.3:a:samba:samba:3.0.20:*:*:*:*:*:*:* |
lists.apple.com/archives/security-announce/2009/Sep/msg00004.html
lists.opensuse.org/opensuse-security-announce/2009-10/msg00004.html
marc.info/?l=bugtraq&m=126514298313071&w=2
news.samba.org/releases/3.0.37/
news.samba.org/releases/3.2.15/
news.samba.org/releases/3.3.8/
news.samba.org/releases/3.4.2/
osvdb.org/57955
secunia.com/advisories/36701
secunia.com/advisories/36893
secunia.com/advisories/36918
secunia.com/advisories/36937
secunia.com/advisories/36953
secunia.com/advisories/37428
slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.561439
sunsolve.sun.com/search/document.do?assetkey=1-77-1021111.1-1
support.apple.com/kb/HT3865
wiki.rpath.com/Advisories:rPSA-2009-0145
www.samba.org/samba/security/CVE-2009-2813.html
www.securityfocus.com/archive/1/507856/100/0/threaded
www.securityfocus.com/bid/36363
www.ubuntu.com/usn/USN-839-1
www.vupen.com/english/advisories/2009/2810
exchange.xforce.ibmcloud.com/vulnerabilities/53174
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7211
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7257
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7791
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9191
www.redhat.com/archives/fedora-package-announce/2009-October/msg00095.html
www.redhat.com/archives/fedora-package-announce/2009-October/msg00098.html