CVE - CVE-2009-2813

CVE-ID
CVE-2009-2813	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
Samba 3.4 before 3.4.2, 3.3 before 3.3.8, 3.2 before 3.2.15, and 3.0.12 through 3.0.36, as used in the SMB subsystem in Apple Mac OS X 10.5.8 when Windows File Sharing is enabled, Fedora 11, and other operating systems, does not properly handle errors in resolving pathnames, which allows remote authenticated users to bypass intended sharing restrictions, and read, create, or modify files, in certain circumstances involving user accounts that lack home directories.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
APPLE:APPLE-SA-2009-09-10-2 URL:http://lists.apple.com/archives/security-announce/2009/Sep/msg00004.html BID:36363 URL:http://www.securityfocus.com/bid/36363 BUGTRAQ:20091112 rPSA-2009-0145-1 samba samba-client samba-server samba-swat URL:http://www.securityfocus.com/archive/1/507856/100/0/threaded CONFIRM:http://news.samba.org/releases/3.0.37/ CONFIRM:http://news.samba.org/releases/3.2.15/ CONFIRM:http://news.samba.org/releases/3.3.8/ CONFIRM:http://news.samba.org/releases/3.4.2/ CONFIRM:http://support.apple.com/kb/HT3865 CONFIRM:http://wiki.rpath.com/Advisories:rPSA-2009-0145 CONFIRM:http://www.samba.org/samba/security/CVE-2009-2813.html FEDORA:FEDORA-2009-10172 URL:https://www.redhat.com/archives/fedora-package-announce/2009-October/msg00098.html FEDORA:FEDORA-2009-10180 URL:https://www.redhat.com/archives/fedora-package-announce/2009-October/msg00095.html HP:HPSBUX02479 URL:http://marc.info/?l=bugtraq&m=126514298313071&w=2 HP:SSRT090212 URL:http://marc.info/?l=bugtraq&m=126514298313071&w=2 OSVDB:57955 URL:~~http://osvdb.org/57955~~ (Obsolete source) OVAL:oval:org.mitre.oval:def:7211 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7211 OVAL:oval:org.mitre.oval:def:7257 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7257 OVAL:oval:org.mitre.oval:def:7791 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7791 OVAL:oval:org.mitre.oval:def:9191 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9191 SECUNIA:36701 URL:http://secunia.com/advisories/36701 SECUNIA:36893 URL:http://secunia.com/advisories/36893 SECUNIA:36918 URL:http://secunia.com/advisories/36918 SECUNIA:36937 URL:http://secunia.com/advisories/36937 SECUNIA:36953 URL:http://secunia.com/advisories/36953 SECUNIA:37428 URL:http://secunia.com/advisories/37428 SLACKWARE:SSA:2009-276-01 URL:http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.561439 SUNALERT:1021111 URL:~~http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021111.1-1~~ (Obsolete source) SUSE:SUSE-SR:2009:017 URL:http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00004.html UBUNTU:USN-839-1 URL:http://www.ubuntu.com/usn/USN-839-1 VUPEN:ADV-2009-2810 URL:~~http://www.vupen.com/english/advisories/2009/2810~~ (Obsolete source) XF:macosx-smb-security-bypass(53174) URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/53174
Assigning CNA
MITRE Corporation
Date Record Created
20090817	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20090817)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)