Lucene search

PRIOn knowledge basePRION:CVE-2009-0022

HistoryJan 05, 2009 - 8:30 p.m.

Cross site request forgery (csrf)

2009-01-0520:30:00

PRIOn knowledge base

www.prio-n.com

6.5 Medium

AI Score

Confidence

Low

0.806 High

EPSS

Percentile

98.3%

JSON

Samba 3.2.0 through 3.2.6, when registry shares are enabled, allows remote authenticated users to access the root filesystem via a crafted connection request that specifies a blank share name.

CPENameOperatorVersion
sambaeq3.2.5
sambaeq3.2.3
sambaeq3.2.4
sambaeq3.2.1
sambaeq3.2.2
sambaeq3.2.0
sambaeq3.2.6

Name	Operator	Version
samba	eq	3.2.5
samba	eq	3.2.3
samba	eq	3.2.4
samba	eq	3.2.1
samba	eq	3.2.2
samba	eq	3.2.0
samba	eq	3.2.6

References

osvdb.org/51152

secunia.com/advisories/33379

secunia.com/advisories/33392

secunia.com/advisories/33431

www.mandriva.com/security/advisories?name=MDVSA-2009:042

www.securityfocus.com/bid/33118

www.securitytracker.com/id?1021513

www.vupen.com/english/advisories/2009/0017

exchange.xforce.ibmcloud.com/vulnerabilities/47733

master.samba.org/samba/ftp/patches/security/samba-3.2.6-CVE-2009-0022.patch

usn.ubuntu.com/702-1/

www.redhat.com/archives/fedora-package-announce/2009-January/msg00309.html

www.samba.org/samba/security/CVE-2009-0022.html