Lucene search

PRIOn knowledge basePRION:CVE-2009-2948

HistoryOct 07, 2009 - 6:30 p.m.

Path traversal

2009-10-0718:30:00

PRIOn knowledge base

www.prio-n.com

6.3 Medium

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

27.8%

JSON

mount.cifs in Samba 3.0 before 3.0.37, 3.2 before 3.2.15, 3.3 before 3.3.8 and 3.4 before 3.4.2, when mount.cifs is installed suid root, does not properly enforce permissions, which allows local users to read part of the credentials file and obtain the password by specifying the path to the credentials file and using the --verbose or -v option.

CPENameOperatorVersion
sambage3.4.0
sambalt3.4.2
sambage3.3.0
sambalt3.3.8
sambage3.2.0
sambalt3.2.15
sambage3.0.0
sambalt3.0.37

Name	Operator	Version
samba	ge	3.4.0
samba	lt	3.4.2
samba	ge	3.3.0
samba	lt	3.3.8
samba	ge	3.2.0
samba	lt	3.2.15
samba	ge	3.0.0
samba	lt	3.0.37

References

lists.opensuse.org/opensuse-security-announce/2009-10/msg00004.html

osvdb.org/58520

secunia.com/advisories/36893

secunia.com/advisories/36918

secunia.com/advisories/36937

secunia.com/advisories/36953

slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.561439

www.securityfocus.com/bid/36572

www.securitytracker.com/id?1022975

www.ubuntu.com/usn/USN-839-1

www.vupen.com/english/advisories/2009/2810

exchange.xforce.ibmcloud.com/vulnerabilities/53574

news.samba.org/releases/3.0.37/

news.samba.org/releases/3.2.15/

news.samba.org/releases/3.3.8/

news.samba.org/releases/3.4.2/

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10434

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7087

www.redhat.com/archives/fedora-package-announce/2009-October/msg00095.html

www.redhat.com/archives/fedora-package-announce/2009-October/msg00098.html

www.samba.org/samba/security/CVE-2009-2948.html