83 matches found
CVE-2009-2948
mount.cifs in Samba 3.0 before 3.0.37, 3.2 before 3.2.15, 3.3 before 3.3.8 and 3.4 before 3.4.2, when mount.cifs is installed suid root, does not properly enforce permissions, which allows local users to read part of the credentials file and obtain the password by specifying the path to the...
Ubuntu 6.06 LTS / 8.04 LTS / 8.10 / 9.04 : samba vulnerabilities (USN-839-1)
J. David Hester discovered that Samba incorrectly handled users that lack home directories when the automated homes share is enabled. An authenticated user could connect to that share name and gain access to the whole filesystem. CVE-2009-2813 Tim Prouty discovered that the smbd daemon in Samba...
Information disclosure by setuid mount.cifs
Description The mount.cifs program allows a user to pass in the name of a credentials file or a file containing a password via several different means. When installed as a setuid program, it does not check to see whether the user would have had access to this file prior to gaining root privileges...