CVE-2009-2813

14.09.2009, 16:30

Samba 3.4 before 3.4.2, 3.3 before 3.3.8, 3.2 before 3.2.15, and 3.0.12 through 3.0.36, as used in the SMB subsystem in Apple Mac OS X 10.5.8 when Windows File Sharing is enabled, Fedora 11, and other operating systems, does not properly handle errors in resolving pathnames, which allows remote authenticated users to bypass intended sharing restrictions, and read, create, or modify files, in certain circumstances involving user accounts that lack home directories.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	6 UNKNOWN	NETWORK	MEDIUM		AV:N/AC:M/Au:S/C:P/I:P/A:P
mitre	CNA	---				---
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 57%

Vendor	Product	Version
samba	samba	3.0.12
samba	samba	3.0.13
samba	samba	3.0.14
samba	samba	3.0.14a:a
samba	samba	3.0.15
samba	samba	3.0.16
samba	samba	3.0.17
samba	samba	3.0.18
samba	samba	3.0.19
samba	samba	3.0.20
samba	samba	3.0.20a:a
samba	samba	3.0.20b:b
samba	samba	3.0.21
samba	samba	3.0.21a:a
samba	samba	3.0.21b:b
samba	samba	3.0.21c:c
samba	samba	3.0.22
samba	samba	3.0.23
samba	samba	3.0.23a:a
samba	samba	3.0.23b:b
samba	samba	3.0.23c:c
samba	samba	3.0.23d:d
samba	samba	3.0.24
samba	samba	3.0.25
samba	samba	3.0.25:pre1
samba	samba	3.0.25:pre2
samba	samba	3.0.25:rc1
samba	samba	3.0.25:rc2
samba	samba	3.0.25:rc3
samba	samba	3.0.25a:a
samba	samba	3.0.25b:b
samba	samba	3.0.25c:c
samba	samba	3.0.26
samba	samba	3.0.26a:a
samba	samba	3.0.27
samba	samba	3.0.27a:a
samba	samba	3.0.28
samba	samba	3.0.28a:a
samba	samba	3.0.29
samba	samba	3.0.30
samba	samba	3.0.31
samba	samba	3.0.32
samba	samba	3.0.33
samba	samba	3.0.34
samba	samba	3.0.35
samba	samba	3.0.36
samba	samba	3.2
samba	samba	3.2.0
samba	samba	3.2.1
samba	samba	3.2.2
samba	samba	3.2.3
samba	samba	3.2.4
samba	samba	3.2.5
samba	samba	3.2.6
samba	samba	3.2.7
samba	samba	3.2.8
samba	samba	3.2.9
samba	samba	3.2.10
samba	samba	3.2.11
samba	samba	3.2.12
samba	samba	3.2.13
samba	samba	3.2.14
samba	samba	3.2.15
samba	samba	3.3
samba	samba	3.3.0
samba	samba	3.3.1
samba	samba	3.3.2
samba	samba	3.3.3
samba	samba	3.3.4
samba	samba	3.3.5
samba	samba	3.3.6
samba	samba	3.3.7
samba	samba	3.4
samba	samba	3.4.0
samba	samba	3.4.1
apple	mac_os_x	10.5.8
apple	mac_os_x_server	10.5.8

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

samba

bullseye (security)	2:4.13.13+dfsg-1~deb11u6 fixed
bullseye	2:4.13.13+dfsg-1~deb11u6 fixed
bookworm	2:4.17.12+dfsg-0+deb12u1 fixed
bookworm (security)	2:4.17.12+dfsg-0+deb12u1 fixed
sid	2:4.21.1+dfsg-2 fixed
trixie	2:4.21.1+dfsg-2 fixed

Ubuntu Releases

Ubuntu Product

Codename

samba

jaunty	Fixed 2:3.3.2-1ubuntu3.2 released
intrepid	Fixed 2:3.2.3-1ubuntu3.6 released
hardy	Fixed 3.0.28a-1ubuntu4.9 released
dapper	Fixed 3.0.22-1ubuntu3.9 released

Common Weakness Enumeration

CWE-264 -

References

http://lists.apple.com/archives/security-announce/2009/Sep/msg00004.html

http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00004.html

http://marc.info/?l=bugtraq&m=126514298313071&w=2

http://marc.info/?l=bugtraq&m=126514298313071&w=2

http://news.samba.org/releases/3.0.37/

http://news.samba.org/releases/3.2.15/

http://news.samba.org/releases/3.3.8/

http://news.samba.org/releases/3.4.2/

http://osvdb.org/57955

http://secunia.com/advisories/36701

http://secunia.com/advisories/36893

http://secunia.com/advisories/36918

http://secunia.com/advisories/36937

http://secunia.com/advisories/36953

http://secunia.com/advisories/37428

http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.561439

http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021111.1-1

http://support.apple.com/kb/HT3865

http://wiki.rpath.com/Advisories:rPSA-2009-0145

http://www.samba.org/samba/security/CVE-2009-2813.html

http://www.securityfocus.com/archive/1/507856/100/0/threaded

http://www.securityfocus.com/bid/36363

http://www.ubuntu.com/usn/USN-839-1

http://www.vupen.com/english/advisories/2009/2810

https://exchange.xforce.ibmcloud.com/vulnerabilities/53174

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7211

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7257

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7791

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9191

https://www.redhat.com/archives/fedora-package-announce/2009-October/msg00095.html

https://www.redhat.com/archives/fedora-package-announce/2009-October/msg00098.html

http://lists.apple.com/archives/security-announce/2009/Sep/msg00004.html

http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00004.html

http://marc.info/?l=bugtraq&m=126514298313071&w=2

http://marc.info/?l=bugtraq&m=126514298313071&w=2

http://news.samba.org/releases/3.0.37/

http://news.samba.org/releases/3.2.15/

http://news.samba.org/releases/3.3.8/

http://news.samba.org/releases/3.4.2/

http://osvdb.org/57955

http://secunia.com/advisories/36701

http://secunia.com/advisories/36893

http://secunia.com/advisories/36918

http://secunia.com/advisories/36937

http://secunia.com/advisories/36953

http://secunia.com/advisories/37428

http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.561439

http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021111.1-1

http://support.apple.com/kb/HT3865

http://wiki.rpath.com/Advisories:rPSA-2009-0145

http://www.samba.org/samba/security/CVE-2009-2813.html

http://www.securityfocus.com/archive/1/507856/100/0/threaded

http://www.securityfocus.com/bid/36363

http://www.ubuntu.com/usn/USN-839-1

http://www.vupen.com/english/advisories/2009/2810

https://exchange.xforce.ibmcloud.com/vulnerabilities/53174

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7211

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7257

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7791

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9191

https://www.redhat.com/archives/fedora-package-announce/2009-October/msg00095.html

https://www.redhat.com/archives/fedora-package-announce/2009-October/msg00098.html