Samba SecuritySAMBA:CVE-2009-0022Potential access to "/" in setups with
6.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
COMPLETE
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:M/Au:S/C:C/I:N/A:N
0.806 High
EPSS
Percentile
98.3%
Description
When connecting to a share called โโ (empty string) using an older
version of smbclient (before 3.0.28) for example with:
'smbclient //server/ -U user%pass'
access to the root filesystem is granted with the privileges of the
authenticated user. This only happens in setups with registry shares
enabled by setting โregistry shares = yesโ which is implicitly set with
โinclude = registryโ and โconfig backend = registryโ,
but is not the default.
Patch Availability
A patch addressing this defect has been posted to
http://www.samba.org/samba/security/
Additionally, Samba 3.2.7 has been issued as a security
release to correct the defect. Samba administrators are
advised to upgrade to 3.2.7 or apply the patch as soon
as possible when โregistry sharesโ is set to โyesโ.
Workaround
As a workaround, registry shares can be disabled using โregistry shares = noโ.
Credits
This issue was found and reported to the Samba Team by
Gunter Hรถckel <Gunter.Hoeckel [at] fujitsu-siemens.com>.
== Our Code, Our Bugs, Our Responsibility.
== The Samba Team
Related
6.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
COMPLETE
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:M/Au:S/C:C/I:N/A:N
0.806 High
EPSS
Percentile
98.3%