CVE-2009-2948 Information

Description

mount.cifs in Samba 3.0 before 3.0.37, 3.2 before 3.2.15, 3.3 before 3.3.8, and 3.4 before 3.4.2, when mount.cifs is installed suid root, does not properly enforce permissions, which allows local users to read part of the credentials file and obtain the password by specifying the path to the credentials file and using the --verbose or -v option.
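
The two exposure conditions in the description (an affected Samba version and a setuid-root mount.cifs) can be checked on a host with a short audit helper. This is an added example, not code from the Samba project or from this advisory; the function names and the script's argument order are assumptions, and the version ranges are the ones listed above.

```shell
#!/bin/sh
# Added example: audit helper for the two exposure conditions of CVE-2009-2948.
# Function names and the argument order are assumptions made for this example.

# Return 0 if the Samba version is in an affected range from the description:
# 3.0 before 3.0.37, 3.2 before 3.2.15, 3.3 before 3.3.8, 3.4 before 3.4.2.
samba_affected() {
    ver=${1%%[!0-9.]*}          # drop distro suffixes such as "-1ubuntu2"
    old_ifs=$IFS; IFS=.
    set -- $ver                 # split "3.4.1" into 3, 4, 1
    IFS=$old_ifs
    major=${1:-0}; minor=${2:-0}; patch=${3:-0}
    [ "$major" = 3 ] || return 1
    case $minor in
        0) fixed=37 ;;
        2) fixed=15 ;;
        3) fixed=8 ;;
        4) fixed=2 ;;
        *) return 1 ;;          # branch not listed in the description
    esac
    [ "$patch" -lt "$fixed" ]
}

# Return 0 if the file has the set-user-ID bit and is owned by uid 0.
is_suid_root() {
    [ -u "$1" ] && [ -n "$(find "$1" -prune -user 0 2>/dev/null)" ]
}

# Usage: sh check.sh /path/to/mount.cifs SAMBA_VERSION
if [ "$#" -ge 2 ]; then
    if is_suid_root "$1" && samba_affected "$2"; then
        echo "EXPOSED: $1 is setuid root and Samba $2 is in an affected range"
    else
        echo "Not exposed by these two criteria: $1 (Samba $2)"
    fi
fi
```

The version is passed as an argument rather than read from the binary, so take it from the package manager on the host being audited.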

Reference

http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00004.html
http://news.samba.org/releases/3.0.37/
http://news.samba.org/releases/3.2.15/
http://news.samba.org/releases/3.3.8/
http://news.samba.org/releases/3.4.2/
http://osvdb.org/58520
http://secunia.com/advisories/36893
http://secunia.com/advisories/36918
http://secunia.com/advisories/36937
http://secunia.com/advisories/36953
http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.561439
http://www.samba.org/samba/security/CVE-2009-2948.html
http://www.securityfocus.com/bid/36572
http://www.securitytracker.com/id?1022975
http://www.ubuntu.com/usn/USN-839-1
http://www.vupen.com/english/advisories/2009/2810
https://exchange.xforce.ibmcloud.com/vulnerabilities/53574
https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A10434
https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A7087
https://www.redhat.com/archives/fedora-package-announce/2009-October/msg00095.html
https://www.redhat.com/archives/fedora-package-announce/2009-October/msg00098.html
