Lucene search

K

Veracode Vulnerability DatabaseVERACODE:23911

HistoryApr 10, 2020 - 12:39 a.m.

Access Restriction Bypass

2020-04-1000:39:57

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

13

6 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:S/C:P/I:P/A:P

Samba is vulnerable to Access Restriction Bypass. A flaw was discovered in the way Samba handled users without a home directory set in the back-end password database (e.g. “/etc/passwd”). If a share for the home directory of such a user was created (e.g. using the automated “[homes]” share), any user able to access that share could see the whole file system, possibly bypassing intended access restrictions.

CPENameOperatorVersion
sambaeq3.0.25b__1.el4_6.5
sambaeq3.0.28__0.el5.8
sambaeq3.0.28__1.el5_2.1
sambaeq3.0.23c__2.el5.2
sambaeq3.0.25b__0.el5.4
sambaeq3.0.25b__1.el4_6.2
sambaeq3.0.25b__1.el5_1.2
sambaeq3.0.28__1.el5_2.3
sambaeq3.0.25b__1.el5_1.4
sambaeq3.0.33__3.7.el5

Rows per page:

1-10 of 381

References

lists.apple.com/archives/security-announce/2009/Sep/msg00004.html

lists.opensuse.org/opensuse-security-announce/2009-10/msg00004.html

marc.info/?l=bugtraq&m=126514298313071&w=2

news.samba.org/releases/3.0.37/

news.samba.org/releases/3.2.15/

news.samba.org/releases/3.3.8/

news.samba.org/releases/3.4.2/

osvdb.org/57955

secunia.com/advisories/36701

secunia.com/advisories/36893

secunia.com/advisories/36918

secunia.com/advisories/36937

secunia.com/advisories/36953

secunia.com/advisories/37428

slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.561439

sunsolve.sun.com/search/document.do?assetkey=1-77-1021111.1-1

support.apple.com/kb/HT3865

wiki.rpath.com/Advisories:rPSA-2009-0145

www.redhat.com/security/updates/classification/#moderate

www.samba.org/samba/security/CVE-2009-2813.html

www.securityfocus.com/archive/1/507856/100/0/threaded

www.securityfocus.com/bid/36363

www.ubuntu.com/usn/USN-839-1

www.vupen.com/english/advisories/2009/2810

access.redhat.com/errata/RHSA-2009:1529

exchange.xforce.ibmcloud.com/vulnerabilities/53174

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7211

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7257

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7791

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9191

www.redhat.com/archives/fedora-package-announce/2009-October/msg00095.html

www.redhat.com/archives/fedora-package-announce/2009-October/msg00098.html

6 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:S/C:P/I:P/A:P

Related for VERACODE:23911

prion1 seebug2 openvas42 ubuntucve1 debiancve1 cve1 samba1 nessus26 securityvulns2 slackware1 debian1 altlinux2 fedora4 osv1 oraclelinux1 redhat2 centos1 vmware2 ubuntu1