Description
mount.cifs in Samba 3.0 before 3.0.37, 3.2 before 3.2.15, 3.3 before 3.3.8 and 3.4 before 3.4.2, when mount.cifs is installed suid root, does not properly enforce permissions, which allows local users to read part of the credentials file and obtain the password by specifying the path to the credentials file and using the --verbose or -v option.
References (21)
Core 21
Core References
Patch, Vendor Advisory x_refsource_confirm
http://www.samba.org/samba/security/CVE-2009-2948.html
Broken Link, Vendor Advisory x_refsource_confirm
http://news.samba.org/releases/3.4.2/
Patch, Third Party Advisory vendor-advisory
x_refsource_fedora
https://www.redhat.com/archives/fedora-package-announce/2009-October/msg00098.html
Broken Link vdb-entry
x_refsource_osvdb
http://osvdb.org/58520
Broken Link, Patch, Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id?1022975
Broken Link, Vendor Advisory x_refsource_confirm
http://news.samba.org/releases/3.2.15/
Broken Link, Third Party Advisory vdb-entry
signature
x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7087
Patch, Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/36572
Permissions Required, Vendor Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2009/2810
Patch, Third Party Advisory vendor-advisory
x_refsource_slackware
http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.561439
Not Applicable, Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/36937
Third Party Advisory vendor-advisory
x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-839-1
Broken Link, Vendor Advisory x_refsource_confirm
http://news.samba.org/releases/3.0.37/
Broken Link, Third Party Advisory vdb-entry
signature
x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10434
Not Applicable, Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/36918
Not Applicable, Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/36893
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/53574
Broken Link, Vendor Advisory x_refsource_confirm
http://news.samba.org/releases/3.3.8/
Not Applicable, Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/36953
Mailing List, Third Party Advisory vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00004.html
Patch, Third Party Advisory vendor-advisory
x_refsource_fedora
https://www.redhat.com/archives/fedora-package-announce/2009-October/msg00095.html
Scores
EPSS
0.0021
EPSS Percentile
43.3%
Details
CWE
CWE-732
Status
published
Products (1)
samba/samba
3.0.0 - 3.0.37
Published
Oct 07, 2009
Tracked Since
Feb 18, 2026