CVE-2009-2813

medium

Description

Samba 3.4 before 3.4.2, 3.3 before 3.3.8, 3.2 before 3.2.15, and 3.0.12 through 3.0.36, as used in the SMB subsystem in Apple Mac OS X 10.5.8 when Windows File Sharing is enabled, Fedora 11, and other operating systems, does not properly handle errors in resolving pathnames, which allows remote authenticated users to bypass intended sharing restrictions, and read, create, or modify files, in certain circumstances involving user accounts that lack home directories.

References

https://www.redhat.com/archives/fedora-package-announce/2009-October/msg00098.html

https://www.redhat.com/archives/fedora-package-announce/2009-October/msg00095.html

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9191

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7791

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7257

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7211

https://exchange.xforce.ibmcloud.com/vulnerabilities/53174

http://www.vupen.com/english/advisories/2009/2810

http://www.ubuntu.com/usn/USN-839-1

http://www.securityfocus.com/bid/36363

http://www.securityfocus.com/archive/1/507856/100/0/threaded

http://www.samba.org/samba/security/CVE-2009-2813.html

http://wiki.rpath.com/Advisories:rPSA-2009-0145

http://support.apple.com/kb/HT3865

http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021111.1-1

http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.561439

http://secunia.com/advisories/37428

http://secunia.com/advisories/36953

http://secunia.com/advisories/36937

http://secunia.com/advisories/36918

http://secunia.com/advisories/36893

http://secunia.com/advisories/36701

http://osvdb.org/57955

http://news.samba.org/releases/3.4.2/

http://news.samba.org/releases/3.3.8/

http://news.samba.org/releases/3.2.15/

http://news.samba.org/releases/3.0.37/

http://marc.info/?l=bugtraq&m=126514298313071&w=2

http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00004.html

http://lists.apple.com/archives/security-announce/2009/Sep/msg00004.html

Details

Source: Mitre, NVD

Published: 2009-09-14

Updated: 2024-11-21

Risk Information

CVSS v2

Base Score: 6

Vector: CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:P

Severity: Medium

CVSS v3

Base Score: 6.5

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Severity: Medium