CVE-2009-2813 Information
Description
Samba 3.4 before 3.4.2, 3.3 before 3.3.8, 3.2 before 3.2.15, and 3.0.12 through 3.0.36, as used in the SMB subsystem in Apple Mac OS X 10.5.8 when Windows File Sharing is enabled, Fedora 11, and other operating systems, does not properly handle errors in resolving pathnames, which allows remote authenticated users to bypass intended sharing restrictions, and read, create, or modify files, in certain circumstances involving user accounts that lack home directories.
Reference
http://lists.apple.com/archives/security-announce/2009/Sep/msg00004.html
http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00004.html
http://marc.info/?l=bugtraq&m=126514298313071&w=2
http://news.samba.org/releases/3.0.37/
http://news.samba.org/releases/3.2.15/
http://news.samba.org/releases/3.3.8/
http://news.samba.org/releases/3.4.2/
http://osvdb.org/57955
http://secunia.com/advisories/36701
http://secunia.com/advisories/36893
http://secunia.com/advisories/36918
http://secunia.com/advisories/36937
http://secunia.com/advisories/36953
http://secunia.com/advisories/37428
http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.561439
http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021111.1-1
http://support.apple.com/kb/HT3865
http://wiki.rpath.com/Advisories:rPSA-2009-0145
http://www.samba.org/samba/security/CVE-2009-2813.html
http://www.securityfocus.com/archive/1/507856/100/0/threaded
http://www.securityfocus.com/bid/36363
http://www.ubuntu.com/usn/USN-839-1
http://www.vupen.com/english/advisories/2009/2810
https://exchange.xforce.ibmcloud.com/vulnerabilities/53174
https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A7211
https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A7257
https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A7791
https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A9191
https://www.redhat.com/archives/fedora-package-announce/2009-October/msg00095.html
https://www.redhat.com/archives/fedora-package-announce/2009-October/msg00098.html