Lucene search

[email protected]CVE-2009-2948

HistoryOct 07, 2009 - 6:30 p.m.

CVE-2009-2948

2009-10-0718:30:00

CWE-732

[email protected]

web.nvd.nist.gov

samba

mount.cifs

vulnerability

local users

passwords

nvd

cve-2009-2948

1.9 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:M/Au:N/C:P/I:N/A:N

6 Medium

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

27.7%

JSON

mount.cifs in Samba 3.0 before 3.0.37, 3.2 before 3.2.15, 3.3 before 3.3.8 and 3.4 before 3.4.2, when mount.cifs is installed suid root, does not properly enforce permissions, which allows local users to read part of the credentials file and obtain the password by specifying the path to the credentials file and using the --verbose or -v option.

Affected configurations

NVD

Node

sambasambaRange3.0.0–3.0.37

sambasambaRange3.2.0–3.2.15

sambasambaRange3.3.0–3.3.8

sambasambaRange3.4.0–3.4.2

CPENameOperatorVersion
samba:sambasambalt3.0.37
samba:sambasambalt3.2.15
samba:sambasambalt3.3.8
samba:sambasambalt3.4.2

CPE	Name	Operator	Version
samba:samba	samba	lt	3.0.37
samba:samba	samba	lt	3.2.15
samba:samba	samba	lt	3.3.8
samba:samba	samba	lt	3.4.2

References

lists.opensuse.org/opensuse-security-announce/2009-10/msg00004.html

news.samba.org/releases/3.0.37/

news.samba.org/releases/3.2.15/

news.samba.org/releases/3.3.8/

news.samba.org/releases/3.4.2/

osvdb.org/58520

secunia.com/advisories/36893

secunia.com/advisories/36918

secunia.com/advisories/36937

secunia.com/advisories/36953

slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.561439

www.samba.org/samba/security/CVE-2009-2948.html

www.securityfocus.com/bid/36572

www.securitytracker.com/id?1022975

www.ubuntu.com/usn/USN-839-1

www.vupen.com/english/advisories/2009/2810

exchange.xforce.ibmcloud.com/vulnerabilities/53574

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10434

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7087

www.redhat.com/archives/fedora-package-announce/2009-October/msg00095.html

www.redhat.com/archives/fedora-package-announce/2009-October/msg00098.html

1.9 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:M/Au:N/C:P/I:N/A:N

6 Medium

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

27.7%

JSON

Related for CVE-2009-2948

samba1 nvd1 veracode1 debiancve1 ubuntucve1 prion1 seebug1 cvelist1 slackware1 openvas40 debian1 securityvulns2 nessus26 fedora4 altlinux2 osv1 oraclelinux1 redhat2 centos1 vmware2 ubuntu1 gentoo1