CVE - CVE-2009-2813

CVE-ID
CVE-2009-2813	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
Samba 3.4 before 3.4.2, 3.3 before 3.3.8, 3.2 before 3.2.15, and 3.0.12 through 3.0.36, as used in the SMB subsystem in Apple Mac OS X 10.5.8 when Windows File Sharing is enabled, Fedora 11, and other operating systems, does not properly handle errors in resolving pathnames, which allows remote authenticated users to bypass intended sharing restrictions, and read, create, or modify files, in certain circumstances involving user accounts that lack home directories.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
BUGTRAQ:20091112 rPSA-2009-0145-1 samba samba-client samba-server samba-swat URL:http://www.securityfocus.com/archive/1/507856/100/0/threaded CONFIRM:http://support.apple.com/kb/HT3865 CONFIRM:http://news.samba.org/releases/3.0.37/ CONFIRM:http://news.samba.org/releases/3.2.15/ CONFIRM:http://news.samba.org/releases/3.3.8/ CONFIRM:http://news.samba.org/releases/3.4.2/ CONFIRM:http://www.samba.org/samba/security/CVE-2009-2813.html CONFIRM:http://wiki.rpath.com/Advisories:rPSA-2009-0145 APPLE:APPLE-SA-2009-09-10-2 URL:http://lists.apple.com/archives/security-announce/2009/Sep/msg00004.html FEDORA:FEDORA-2009-10172 URL:https://www.redhat.com/archives/fedora-package-announce/2009-October/msg00098.html FEDORA:FEDORA-2009-10180 URL:https://www.redhat.com/archives/fedora-package-announce/2009-October/msg00095.html HP:HPSBUX02479 URL:http://marc.info/?l=bugtraq&m=126514298313071&w=2 HP:SSRT090212 URL:http://marc.info/?l=bugtraq&m=126514298313071&w=2 SLACKWARE:SSA:2009-276-01 URL:http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.561439 SUNALERT:1021111 URL:http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021111.1-1 SUSE:SUSE-SR:2009:017 URL:http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00004.html UBUNTU:USN-839-1 URL:http://www.ubuntu.com/usn/USN-839-1 BID:36363 URL:http://www.securityfocus.com/bid/36363 OSVDB:57955 URL:http://osvdb.org/57955 OVAL:oval:org.mitre.oval:def:7211 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7211 OVAL:oval:org.mitre.oval:def:7791 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7791 OVAL:oval:org.mitre.oval:def:9191 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9191 OVAL:oval:org.mitre.oval:def:7257 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7257 SECUNIA:36701 URL:http://secunia.com/advisories/36701 SECUNIA:36893 URL:http://secunia.com/advisories/36893 SECUNIA:36918 URL:http://secunia.com/advisories/36918 SECUNIA:36937 URL:http://secunia.com/advisories/36937 SECUNIA:36953 URL:http://secunia.com/advisories/36953 SECUNIA:37428 URL:http://secunia.com/advisories/37428 VUPEN:ADV-2009-2810 URL:http://www.vupen.com/english/advisories/2009/2810 XF:macosx-smb-security-bypass(53174) URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/53174
Assigning CNA
N/A
Date Entry Created
20090817	Disclaimer: The entry creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20090817)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an entry on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: cve@mitre.org

Use of the Common Vulnerabilities and Exposures (CVE®) List and the associated references from this website are subject to the terms of use. CVE is sponsored by US-CERT in the office of Cybersecurity and Communications at the U.S. Department of Homeland Security. Copyright © 1999–2018, The MITRE Corporation. CVE and the CVE logo are registered trademarks of The MITRE Corporation. For more information, please contact us.