CVE-2009-2813

Samba 3.0.12-3.0.36, 3.2-3.2.14, 3.3-3.3.7, 3.4-3.4.1 - Authenticated Path Traversal

Title source: llm

Description

Samba 3.4 before 3.4.2, 3.3 before 3.3.8, 3.2 before 3.2.15, and 3.0.12 through 3.0.36, as used in the SMB subsystem in Apple Mac OS X 10.5.8 when Windows File Sharing is enabled, Fedora 11, and other operating systems, does not properly handle errors in resolving pathnames, which allows remote authenticated users to bypass intended sharing restrictions, and read, create, or modify files, in certain circumstances involving user accounts that lack home directories.

References (30)

Core References
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/507856/100/0/threaded
Mailing List vendor-advisory x_refsource_hp
http://marc.info/?l=bugtraq&m=126514298313071&w=2
Release Notes x_refsource_confirm
http://news.samba.org/releases/3.4.2/
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9191
Release Notes x_refsource_confirm
http://news.samba.org/releases/3.2.15/
Mailing List vendor-advisory x_refsource_apple
http://lists.apple.com/archives/security-announce/2009/Sep/msg00004.html
Vendor Advisory vendor-advisory x_refsource_sunalert
http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021111.1-1
Vendor Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2009/2810
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/37428
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/36937
Vendor Advisory vendor-advisory x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-839-1
Release Notes x_refsource_confirm
http://news.samba.org/releases/3.0.37/
Vendor Advisory x_refsource_confirm
http://www.samba.org/samba/security/CVE-2009-2813.html
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7257
Vendor Advisory x_refsource_confirm
http://support.apple.com/kb/HT3865
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/36363
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/36918
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/36701
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/36893
Release Notes x_refsource_confirm
http://news.samba.org/releases/3.3.8/
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/36953
Third Party Advisory x_refsource_confirm
http://wiki.rpath.com/Advisories:rPSA-2009-0145
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7211
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/53174
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7791
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/57955

Scores

EPSS 0.0085
EPSS Percentile 75.1%

Details

CWE CWE-264
Status published
Products (45)
apple/mac_os_x 10.5.8
apple/mac_os_x_server 10.5.8
fedoraproject/fedora 11
samba/samba 3.0.12
samba/samba 3.0.13
samba/samba 3.0.14
samba/samba 3.0.14a
samba/samba 3.0.15
samba/samba 3.0.16
samba/samba 3.0.17
... and 35 more
Published Sep 14, 2009
Tracked Since Feb 18, 2026