CVE

CVE-2009-2813
Date: (C)2009-09-14   (M)2023-12-22


Samba 3.4 before 3.4.2, 3.3 before 3.3.8, 3.2 before 3.2.15, and 3.0.12 through 3.0.36, as used in the SMB subsystem in Apple Mac OS X 10.5.8 when Windows File Sharing is enabled, Fedora 11, and other operating systems, does not properly handle errors in resolving pathnames, which allows remote authenticated users to bypass intended sharing restrictions, and read, create, or modify files, in certain circumstances involving user accounts that lack home directories.

CVSS Score and Metrics

CVSS V2 Severity:
CVSS Score : 6.0
Exploit Score: 6.8
Impact Score: 6.4
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: SINGLE
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL
  
Reference:
SUNALERT-1021111
http://www.securityfocus.com/archive/1/507856/100/0/threaded
BID-36363
SECUNIA-36701
SECUNIA-36893
SECUNIA-36918
SECUNIA-36937
SECUNIA-36953
SECUNIA-37428
OSVDB-57955
ADV-2009-2810
APPLE-SA-2009-09-10-2
FEDORA-2009-10172
FEDORA-2009-10180
SSA:2009-276-01
SSRT090212
SUSE-SR:2009:017
USN-839-1
http://news.samba.org/releases/3.0.37/
http://news.samba.org/releases/3.2.15/
http://news.samba.org/releases/3.3.8/
http://news.samba.org/releases/3.4.2/
http://support.apple.com/kb/HT3865
http://wiki.rpath.com/Advisories:rPSA-2009-0145
http://www.samba.org/samba/security/CVE-2009-2813.html
macosx-smb-security-bypass(53174)
oval:org.mitre.oval:def:7211
oval:org.mitre.oval:def:7257
oval:org.mitre.oval:def:7791
oval:org.mitre.oval:def:9191

CPE    73
cpe:/a:samba:samba:3.0.25a
cpe:/o:apple:mac_os_x_server:10.5.8
cpe:/a:samba:samba:3.0.21a
cpe:/a:samba:samba:3.0.25c
...
CWE    1
CWE-264
OVAL    13
oval:org.secpod.oval:def:202797
oval:org.secpod.oval:def:202752
oval:org.secpod.oval:def:700358
oval:org.secpod.oval:def:102120
...

© SecPod Technologies