Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2009-0022

Overview

Vulnerability Score 6.3 6.3
CVE Id CVE-2009-0022
Last Modified 07 Mar 2011 10:17:46
Published 05 Jan 2009 03:30:02
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication SINGLE_INSTANCE

CVE-2009-0022

Summary

Samba 3.2.0 through 3.2.6, when registry shares are enabled, allows remote authenticated users to access the root filesystem via a crafted connection request that specifies a blank share name.

Vulnerable Systems

Application

  • Samba 3.2.0

  • Samba 3.2.1

  • Samba 3.2.2

  • Samba 3.2.3

  • Samba 3.2.4

  • Samba 3.2.5

  • Samba 3.2.6


References

FEDORA - FEDORA-2009-0268

XF - samba-file-system-security-bypass(47733)

VUPEN - ADV-2009-0017

UBUNTU - USN-702-1

SECTRACK - 1021513

BID - 33118

CONFIRM - http://www.samba.org/samba/security/CVE-2009-0022.html

MANDRIVA - MDVSA-2009:042

SECUNIA - 33431

SECUNIA - 33392

SECUNIA - 33379

OSVDB - 51152

MISC - http://master.samba.org/samba/ftp/patches/security/samba-3.2.6-CVE-2009-0022.patch


Last Updated: 27 May 2016 10:49:33