CVSS2
Attack Vector: LOCAL
Attack Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE
AV:L/AC:M/Au:N/C:P/I:N/A:N
AI Score
Confidence: Low
EPSS
Percentile: 39.1%
mount.cifs in Samba 3.0 before 3.0.37, 3.2 before 3.2.15, 3.3 before 3.3.8 and 3.4 before 3.4.2, when mount.cifs is installed suid root, does not properly enforce permissions, which allows local users to read part of the credentials file and obtain the password by specifying the path to the credentials file and using the --verbose or -v option.
lists.opensuse.org/opensuse-security-announce/2009-10/msg00004.html
news.samba.org/releases/3.0.37/
news.samba.org/releases/3.2.15/
news.samba.org/releases/3.3.8/
news.samba.org/releases/3.4.2/
osvdb.org/58520
secunia.com/advisories/36893
secunia.com/advisories/36918
secunia.com/advisories/36937
secunia.com/advisories/36953
slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.561439
www.samba.org/samba/security/CVE-2009-2948.html
www.securityfocus.com/bid/36572
www.securitytracker.com/id?1022975
www.ubuntu.com/usn/USN-839-1
www.vupen.com/english/advisories/2009/2810
exchange.xforce.ibmcloud.com/vulnerabilities/53574
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10434
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7087
www.redhat.com/archives/fedora-package-announce/2009-October/msg00095.html
www.redhat.com/archives/fedora-package-announce/2009-October/msg00098.html