CVSS2: 6 Medium
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: SINGLE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
AV:N/AC:M/Au:S/C:P/I:P/A:P
Samba is vulnerable to an access restriction bypass. A flaw was discovered in the way Samba handled users without a home directory set in the back-end password database (e.g. “/etc/passwd”). If a share for the home directory of such a user was created (e.g. using the automated “[homes]” share), any user able to access that share could see the whole file system, possibly bypassing intended access restrictions.
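A configuration audit for the precondition described above, added here as an example and not taken from the advisory or from Samba. It assumes "without a home directory set" means an empty sixth field in a passwd-format file, and it checks only for the automated [homes] share, not for home shares defined by hand; the function names and sample data are constructed for illustration.

```python
# Constructed sample data, not taken from a real host.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
alice:x:1000:1000:Alice:/home/alice:/bin/bash
svc_scan:x:1001:1001:Scanner account::/usr/sbin/nologin
# comment line
malformed-line
"""

SAMPLE_SMB_CONF = """\
[global]
   workgroup = EXAMPLE
; [homes] inside a comment must not count
[Homes]
   browseable = no
[public]
   path = /srv/public
"""

def users_without_home(passwd_text):
    """Return login names whose home directory field (6th) is empty."""
    flagged = []
    for line in passwd_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != 7:
            continue  # not a valid passwd entry; skip rather than guess
        if fields[5] == "":
            flagged.append(fields[0])
    return flagged

def has_homes_share(smb_conf_text):
    """True if a [homes] section is defined (section names are case-insensitive)."""
    for line in smb_conf_text.splitlines():
        line = line.strip()
        if line.startswith(("#", ";")):
            continue  # smb.conf comment
        if line.startswith("[") and line.endswith("]") and line[1:-1].strip().lower() == "homes":
            return True
    return False

def audit(passwd_text, smb_conf_text):
    """Accounts with no home directory on a server that defines [homes]."""
    return users_without_home(passwd_text) if has_homes_share(smb_conf_text) else []

if __name__ == "__main__":
    for name in audit(SAMPLE_PASSWD, SAMPLE_SMB_CONF):
        print(f"{name}: empty home directory and [homes] share is defined")
```

On a real host, pass the contents of the password database and smb.conf to `audit()`; accounts it returns should be given a valid home directory or excluded from Samba access.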
lists.apple.com/archives/security-announce/2009/Sep/msg00004.html
lists.opensuse.org/opensuse-security-announce/2009-10/msg00004.html
marc.info/?l=bugtraq&m=126514298313071&w=2
news.samba.org/releases/3.0.37/
news.samba.org/releases/3.2.15/
news.samba.org/releases/3.3.8/
news.samba.org/releases/3.4.2/
osvdb.org/57955
secunia.com/advisories/36701
secunia.com/advisories/36893
secunia.com/advisories/36918
secunia.com/advisories/36937
secunia.com/advisories/36953
secunia.com/advisories/37428
slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.561439
sunsolve.sun.com/search/document.do?assetkey=1-77-1021111.1-1
support.apple.com/kb/HT3865
wiki.rpath.com/Advisories:rPSA-2009-0145
www.redhat.com/security/updates/classification/#moderate
www.samba.org/samba/security/CVE-2009-2813.html
www.securityfocus.com/archive/1/507856/100/0/threaded
www.securityfocus.com/bid/36363
www.ubuntu.com/usn/USN-839-1
www.vupen.com/english/advisories/2009/2810
access.redhat.com/errata/RHSA-2009:1529
exchange.xforce.ibmcloud.com/vulnerabilities/53174
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7211
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7257
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7791
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9191
www.redhat.com/archives/fedora-package-announce/2009-October/msg00095.html
www.redhat.com/archives/fedora-package-announce/2009-October/msg00098.html