CVE-2009-2813

Published: 14/09/2009 Updated: 10/10/2018
CVSS v2 Base Score: 6 | Impact Score: 6.4 | Exploitability Score: 6.8
VMScore: 534
Vector: AV:N/AC:M/Au:S/C:P/I:P/A:P

Vulnerability Summary

Samba 3.4 prior to 3.4.2, 3.3 prior to 3.3.8, 3.2 prior to 3.2.15, and 3.0.12 up to and including 3.0.36, as used in the SMB subsystem in Apple Mac OS X 10.5.8 when Windows File Sharing is enabled, Fedora 11, and other operating systems, does not properly handle errors in resolving pathnames, which allows remote authenticated users to bypass intended sharing restrictions, and read, create, or modify files, in certain circumstances involving user accounts that lack home directories.

Vulnerable Product

samba samba 3.4.1

samba samba 3.3

samba samba 3.3.6

samba samba 3.3.7

samba samba 3.2.10

samba samba 3.2.11

samba samba 3.2.13

samba samba 3.2.15

samba samba 3.0.17

samba samba 3.0.18

samba samba 3.0.21c

samba samba 3.0.22

samba samba 3.0.25

samba samba 3.0.25c

samba samba 3.0.26

samba samba 3.0.31

samba samba 3.0.32

samba samba 3.3.2

samba samba 3.3.3

samba samba 3.2.2

samba samba 3.2.7

samba samba 3.2

samba samba 3.2.12

samba samba 3.0.14

samba samba 3.0.14a

samba samba 3.0.20a

samba samba 3.0.20b

samba samba 3.0.21

samba samba 3.0.23b

samba samba 3.0.23c

samba samba 3.0.28

samba samba 3.0.28a

samba samba 3.0.35

samba samba 3.0.36

samba samba 3.3.0

samba samba 3.3.1

samba samba 3.2.4

samba samba 3.2.3

samba samba 3.2.0

samba samba 3.2.5

samba samba 3.0.12

samba samba 3.0.13

samba samba 3.0.19

samba samba 3.0.20

samba samba 3.0.23

samba samba 3.0.23a

samba samba 3.0.26a

samba samba 3.0.27

samba samba 3.0.27a

samba samba 3.0.33

samba samba 3.0.34

samba samba 3.4

samba samba 3.4.0

samba samba 3.3.4

samba samba 3.3.5

samba samba 3.2.1

samba samba 3.2.9

samba samba 3.2.8

samba samba 3.2.14

samba samba 3.2.6

samba samba 3.0.15

samba samba 3.0.16

samba samba 3.0.21a

samba samba 3.0.21b

samba samba 3.0.23d

samba samba 3.0.24

samba samba 3.0.25a

samba samba 3.0.25b

samba samba 3.0.29

samba samba 3.0.30

apple mac_os_x_server 10.5.8

apple mac_os_x 10.5.8

fedoraproject fedora 11

Vendor Advisories

Debian Bug report logs - #550422 samba: CVE-2009-2813 sharing restriction bypass. Package: samba; Maintainer for samba is Debian Samba Maintainers <pkg-samba-maint@lists.alioth.debian.org>; Source for samba is src:samba (PTS, buildd, popcon). Reported by: Michael S Gilbert <michaelsgilbert@gmail.com> Date: Fri, 9 Oc ...
J David Hester discovered that Samba incorrectly handled users that lack home directories when the automated [homes] share is enabled. An authenticated user could connect to that share name and gain access to the whole filesystem (CVE-2009-2813) ...
Several vulnerabilities have been discovered in samba, an implementation of the SMB/CIFS protocol for Unix systems, providing support for cross-platform file and printer sharing with other operating systems and more. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2009-2948 The mount.cifs utility is missing ...

References

CWE-264

http://secunia.com/advisories/36701

http://lists.apple.com/archives/security-announce/2009/Sep/msg00004.html

http://support.apple.com/kb/HT3865

http://secunia.com/advisories/36893

http://news.samba.org/releases/3.2.15/

http://secunia.com/advisories/36918

https://www.redhat.com/archives/fedora-package-announce/2009-October/msg00095.html

http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.561439

http://secunia.com/advisories/36937

http://secunia.com/advisories/36953

http://news.samba.org/releases/3.4.2/

http://www.samba.org/samba/security/CVE-2009-2813.html

https://www.redhat.com/archives/fedora-package-announce/2009-October/msg00098.html

http://www.vupen.com/english/advisories/2009/2810

http://www.ubuntu.com/usn/USN-839-1

http://news.samba.org/releases/3.0.37/

http://news.samba.org/releases/3.3.8/

http://wiki.rpath.com/Advisories:rPSA-2009-0145

http://secunia.com/advisories/37428

http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00004.html

http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021111.1-1

http://osvdb.org/57955

http://www.securityfocus.com/bid/36363

http://marc.info/?l=bugtraq&m=126514298313071&w=2

https://exchange.xforce.ibmcloud.com/vulnerabilities/53174

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9191

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7791

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7257

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7211

http://www.securityfocus.com/archive/1/507856/100/0/threaded

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=550422

https://nvd.nist.gov

https://usn.ubuntu.com/839-1/