Metric | Value |
---|---|
AI Score | 6.8 Medium (Confidence: Low) |
CVSS2 | 9.3 High (AV:N/AC:M/Au:N/C:C/I:C/A:C) |
Access Vector | NETWORK |
Access Complexity | MEDIUM |
Authentication | NONE |
Confidentiality Impact | COMPLETE |
Integrity Impact | COMPLETE |
Availability Impact | COMPLETE |
EPSS | 0.017 Low (Percentile: 87.8%) |

J. David Hester discovered that Samba incorrectly handled users that lack
home directories when the automated [homes] share is enabled. An
authenticated user could connect to that share name and gain access to the
whole filesystem. (CVE-2009-2813)

Tim Prouty discovered that the smbd daemon in Samba incorrectly handled
certain unexpected network replies. A remote attacker could send malicious
replies to the server and cause smbd to use all available CPU, leading to a
denial of service. (CVE-2009-2906)

Ronald Volgers discovered that the mount.cifs utility, when installed as a
setuid program, would not verify user permissions before opening a
credentials file. A local user could exploit this to use or read the
contents of unauthorized credential files. (CVE-2009-2948)

Reinhard Nißl discovered that the smbclient utility contained format string
vulnerabilities in its file name handling. Because of security features in
Ubuntu, exploitation of this vulnerability is limited. If a user or
automated system were tricked into processing a specially crafted file
name, smbclient could be made to crash, possibly leading to a denial of
service. This only affected Ubuntu 8.10. (CVE-2009-1886)

Jeremy Allison discovered that the smbd daemon in Samba incorrectly handled
permissions to modify access control lists when dos filemode is enabled. A
remote attacker could exploit this to modify access control lists. This
only affected Ubuntu 8.10 and Ubuntu 9.04. (CVE-2009-1886)

OS | OS Version | Architecture | Package | Package Version | Filename |
---|---|---|---|---|---|
Ubuntu | 9.04 | noarch | smbfs | < 2:3.3.2-1ubuntu3.2 | UNKNOWN |
Ubuntu | 9.04 | noarch | libpam-smbpass | < 2:3.3.2-1ubuntu3.2 | UNKNOWN |
Ubuntu | 9.04 | noarch | libsmbclient | < 2:3.3.2-1ubuntu3.2 | UNKNOWN |
Ubuntu | 9.04 | noarch | libsmbclient-dev | < 2:3.3.2-1ubuntu3.2 | UNKNOWN |
Ubuntu | 9.04 | noarch | libwbclient0 | < 2:3.3.2-1ubuntu3.2 | UNKNOWN |
Ubuntu | 9.04 | noarch | samba | < 2:3.3.2-1ubuntu3.2 | UNKNOWN |
Ubuntu | 9.04 | noarch | samba-common | < 2:3.3.2-1ubuntu3.2 | UNKNOWN |
Ubuntu | 9.04 | noarch | samba-dbg | < 2:3.3.2-1ubuntu3.2 | UNKNOWN |
Ubuntu | 9.04 | noarch | samba-tools | < 2:3.3.2-1ubuntu3.2 | UNKNOWN |
Ubuntu | 9.04 | noarch | smbclient | < 2:3.3.2-1ubuntu3.2 | UNKNOWN |