CVE-2009-2813

Sažetak

Samba 3.4 before 3.4.2, 3.3 before 3.3.8, 3.2 before 3.2.15, and 3.0.12 through 3.0.36, as used in the SMB subsystem in Apple Mac OS X 10.5.8 when Windows File Sharing is enabled, Fedora 11, and other operating systems, does not properly handle errors in resolving pathnames, which allows remote authenticated users to bypass intended sharing restrictions, and read, create, or modify files, in certain circumstances involving user accounts that lack home directories.

Reference

http://lists.apple.com/archives/security-announce/2009/Sep/msg00004.html
http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00004.html
http://marc.info/?l=bugtraq&m=126514298313071&w=2
http://news.samba.org/releases/3.0.37/
http://news.samba.org/releases/3.2.15/
http://news.samba.org/releases/3.3.8/
http://news.samba.org/releases/3.4.2/
http://osvdb.org/57955
http://secunia.com/advisories/36701
http://secunia.com/advisories/36893
http://secunia.com/advisories/36918
http://secunia.com/advisories/36937
http://secunia.com/advisories/36953
http://secunia.com/advisories/37428
http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.561439
http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021111.1-1
http://support.apple.com/kb/HT3865
http://wiki.rpath.com/Advisories:rPSA-2009-0145
http://www.samba.org/samba/security/CVE-2009-2813.html
http://www.securityfocus.com/archive/1/507856/100/0/threaded
http://www.securityfocus.com/bid/36363
http://www.ubuntu.com/usn/USN-839-1
http://www.vupen.com/english/advisories/2009/2810
https://exchange.xforce.ibmcloud.com/vulnerabilities/53174
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7211
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7257
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7791
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9191
https://www.redhat.com/archives/fedora-package-announce/2009-October/msg00095.html
https://www.redhat.com/archives/fedora-package-announce/2009-October/msg00098.html

CVSS

Base:	6.0
Impact:	6.4
Exploitability:	6.8

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	SINGLE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	PARTIAL

CVSS vektor

AV:N/AC:M/Au:S/C:P/I:P/A:P

Zadnje važnije ažuriranje

10-10-2018 - 19:42

Objavljeno

14-09-2009 - 16:30