
CVE-2009-0022

Published: 05/01/2009 | Updated: 03/10/2018
CVSS v2 Base Score: 6.3 | Impact Score: 6.9 | Exploitability Score: 6.8
VMScore: 561
Vector: AV:N/AC:M/Au:S/C:C/I:N/A:N

Vulnerability Summary

Samba 3.2.0 up to and including 3.2.6, when registry shares are enabled, allows remote authenticated users to access the root filesystem via a crafted connection request that specifies a blank share name.

Vulnerable Product

samba samba 3.2.6

samba samba 3.2.0

samba samba 3.2.5

samba samba 3.2.4

samba samba 3.2.3

samba samba 3.2.2

samba samba 3.2.1

Vendor Advisories

Gunter Höckel discovered that Samba with registry shares enabled did not properly validate share names. An authenticated user could gain access to the root filesystem by using an older version of smbclient and specifying an empty string as a share name. This is only an issue if registry shares are enabled on the server by setting “registry share ...