Lucene search

[email protected]CVE-2009-2813

HistorySep 14, 2009 - 4:30 p.m.

CVE-2009-2813

2009-09-1416:30:00

CWE-264

[email protected]

web.nvd.nist.gov

samba

cve-2009-2813

smb

path traversal

remote authenticated users

sharing restrictions

nvd

6 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:S/C:P/I:P/A:P

7 High

AI Score

Confidence

High

0.007 Low

EPSS

Percentile

80.1%

JSON

Samba 3.4 before 3.4.2, 3.3 before 3.3.8, 3.2 before 3.2.15, and 3.0.12 through 3.0.36, as used in the SMB subsystem in Apple Mac OS X 10.5.8 when Windows File Sharing is enabled, Fedora 11, and other operating systems, does not properly handle errors in resolving pathnames, which allows remote authenticated users to bypass intended sharing restrictions, and read, create, or modify files, in certain circumstances involving user accounts that lack home directories.

Affected configurations

NVD

Node

sambasambaMatch3.0.12

sambasambaMatch3.0.13

sambasambaMatch3.0.14

sambasambaMatch3.0.14a

sambasambaMatch3.0.15

sambasambaMatch3.0.16

sambasambaMatch3.0.17

sambasambaMatch3.0.18

sambasambaMatch3.0.19

sambasambaMatch3.0.20

sambasambaMatch3.0.20a

sambasambaMatch3.0.20b

sambasambaMatch3.0.21

sambasambaMatch3.0.21a

sambasambaMatch3.0.21b

sambasambaMatch3.0.21c

sambasambaMatch3.0.22

sambasambaMatch3.0.23

sambasambaMatch3.0.23a

sambasambaMatch3.0.23b

sambasambaMatch3.0.23c

sambasambaMatch3.0.23d

sambasambaMatch3.0.24

sambasambaMatch3.0.25

sambasambaMatch3.0.25pre1

sambasambaMatch3.0.25pre2

sambasambaMatch3.0.25rc1

sambasambaMatch3.0.25rc2

sambasambaMatch3.0.25rc3

sambasambaMatch3.0.25a

sambasambaMatch3.0.25b

sambasambaMatch3.0.25c

sambasambaMatch3.0.26

sambasambaMatch3.0.26a

sambasambaMatch3.0.27

sambasambaMatch3.0.27a

sambasambaMatch3.0.28

sambasambaMatch3.0.28a

sambasambaMatch3.0.29

sambasambaMatch3.0.30

sambasambaMatch3.0.31

sambasambaMatch3.0.32

sambasambaMatch3.0.33

sambasambaMatch3.0.34

sambasambaMatch3.0.35

sambasambaMatch3.0.36

sambasambaMatch3.2

sambasambaMatch3.2.0

sambasambaMatch3.2.1

sambasambaMatch3.2.2

sambasambaMatch3.2.3

sambasambaMatch3.2.4

sambasambaMatch3.2.5

sambasambaMatch3.2.6

sambasambaMatch3.2.7

sambasambaMatch3.2.8

sambasambaMatch3.2.9

sambasambaMatch3.2.10

sambasambaMatch3.2.11

sambasambaMatch3.2.12

sambasambaMatch3.2.13

sambasambaMatch3.2.14

sambasambaMatch3.2.15

sambasambaMatch3.3

sambasambaMatch3.3.0

sambasambaMatch3.3.1

sambasambaMatch3.3.2

sambasambaMatch3.3.3

sambasambaMatch3.3.4

sambasambaMatch3.3.5

sambasambaMatch3.3.6

sambasambaMatch3.3.7

sambasambaMatch3.4

sambasambaMatch3.4.0

sambasambaMatch3.4.1

AND

applemac_os_xMatch10.5.8

applemac_os_x_serverMatch10.5.8

Node

fedoraprojectfedoraMatch11

CPENameOperatorVersion
samba:sambasambaeq3.0.12
samba:sambasambaeq3.0.13
samba:sambasambaeq3.0.14
samba:sambasambaeq3.0.14a
samba:sambasambaeq3.0.15
samba:sambasambaeq3.0.16
samba:sambasambaeq3.0.17
samba:sambasambaeq3.0.18
samba:sambasambaeq3.0.19
samba:sambasambaeq3.0.20

CPE	Name	Operator	Version
samba:samba	samba	eq	3.0.12
samba:samba	samba	eq	3.0.13
samba:samba	samba	eq	3.0.14
samba:samba	samba	eq	3.0.14a
samba:samba	samba	eq	3.0.15
samba:samba	samba	eq	3.0.16
samba:samba	samba	eq	3.0.17
samba:samba	samba	eq	3.0.18
samba:samba	samba	eq	3.0.19
samba:samba	samba	eq	3.0.20