Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 1.9
CVE Id CVE-2009-2948
Last Modified 21 Aug 2010 01:34:51
Published 07 Oct 2009 02:30:00
Confidentiality Impact PARTIAL
Integrity Impact NONE
Availability Impact NONE
Access Vector LOCAL
Access Complexity MEDIUM
Authentication NONE

CVE-2009-2948

Summary

mount.cifs in Samba 3.0 before 3.0.37, 3.2 before 3.2.15, 3.3 before 3.3.8 and 3.4 before 3.4.2, when mount.cifs is installed suid root, does not properly enforce permissions, which allows local users to read part of the credentials file and obtain the password by specifying the path to the credentials file and using the --verbose or -v option.

Vulnerable Systems

Application

  • Samba 3.0

  • Samba 3.0.0

  • Samba 3.0.1

  • Samba 3.0.10

  • Samba 3.0.11

  • Samba 3.0.13

  • Samba 3.0.14

  • Samba 3.0.14a

  • Samba 3.0.15

  • Samba 3.0.16

  • Samba 3.0.17

  • Samba 3.0.18

  • Samba 3.0.19

  • Samba 3.0.2

  • Samba 3.0.20

  • Samba 3.0.20a

  • Samba 3.0.20b

  • Samba 3.0.21

  • Samba 3.0.21a

  • Samba 3.0.21b

  • Samba 3.0.21c

  • Samba 3.0.22

  • Samba 3.0.23

  • Samba 3.0.23a

  • Samba 3.0.23b

  • Samba 3.0.23c

  • Samba 3.0.23d

  • Samba 3.0.24

  • Samba 3.0.25

  • Samba 3.0.25a

  • Samba 3.0.25b

  • Samba 3.0.25c

  • Samba 3.0.26

  • Samba 3.0.26a

  • Samba 3.0.27

  • Samba 3.0.28a

  • Samba 3.0.29

  • Samba 3.0.2a

  • Samba 3.0.3

  • Samba 3.0.30

  • Samba 3.0.31

  • Samba 3.0.32

  • Samba 3.0.33

  • Samba 3.0.34

  • Samba 3.0.4

  • Samba 3.0.5

  • Samba 3.0.6

  • Samba 3.0.7

  • Samba 3.0.8

  • Samba 3.0.9

  • Samba 3.2

  • Samba 3.2.0

  • Samba 3.2.1

  • Samba 3.2.10

  • Samba 3.2.11

  • Samba 3.2.12

  • Samba 3.2.2

  • Samba 3.2.3

  • Samba 3.2.4

  • Samba 3.2.5

  • Samba 3.2.7

  • Samba 3.2.8

  • Samba 3.2.9

  • Samba 3.3

  • Samba 3.3.1

  • Samba 3.3.2

  • Samba 3.3.4

  • Samba 3.3.5

  • Samba 3.4


References

FEDORA - FEDORA-2009-10172

FEDORA - FEDORA-2009-10180

UBUNTU - USN-839-1

SECTRACK - 1022975

BID - 36572

CONFIRM - http://www.samba.org/samba/security/CVE-2009-2948.html

SLACKWARE - SSA:2009-276-01

XF - samba-mountcifs-info-disclosure(53574)

VUPEN - ADV-2009-2810

SECUNIA - 36953

SECUNIA - 36937

SECUNIA - 36918

SECUNIA - 36893

OSVDB - 58520

CONFIRM - http://news.samba.org/releases/3.4.2/

CONFIRM - http://news.samba.org/releases/3.3.8/

CONFIRM - http://news.samba.org/releases/3.2.15/

CONFIRM - http://news.samba.org/releases/3.0.37/

SUSE - SUSE-SR:2009:017


Last Updated: 27 May 2016 10:51:04