Lucene search
UbuntuUSN-893-1HistoryJan 28, 2010 - 12:00 a.m.
Samba vulnerability
2010-01-2800:00:00
ubuntu.com
67
CVSS2
4.4
Attack Vector
LOCAL
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:M/Au:N/C:P/I:P/A:P
AI Score
5.3
Confidence
High
EPSS
0.002
Percentile
59.8%
Releases
- Ubuntu 9.10
- Ubuntu 9.04
- Ubuntu 8.10
- Ubuntu 8.04
- Ubuntu 6.06
Packages
- samba -
Details
Ronald Volgers discovered that the mount.cifs utility, when installed as a
setuid program, suffered from a race condition when verifying user
permissions. A local attacker could trick samba into mounting over
arbitrary locations, leading to a root privilege escalation.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Ubuntu | 9.10 | noarch | smbfs | <Â 2:3.4.0-3ubuntu5.4 | UNKNOWN |
| Ubuntu | 9.10 | noarch | libpam-smbpass | <Â 2:3.4.0-3ubuntu5.4 | UNKNOWN |
| Ubuntu | 9.10 | noarch | libsmbclient | <Â 2:3.4.0-3ubuntu5.4 | UNKNOWN |
| Ubuntu | 9.10 | noarch | libsmbclient-dev | <Â 2:3.4.0-3ubuntu5.4 | UNKNOWN |
| Ubuntu | 9.10 | noarch | libwbclient0 | <Â 2:3.4.0-3ubuntu5.4 | UNKNOWN |
| Ubuntu | 9.10 | noarch | samba | <Â 2:3.4.0-3ubuntu5.4 | UNKNOWN |
| Ubuntu | 9.10 | noarch | samba-common-bin | <Â 2:3.4.0-3ubuntu5.4 | UNKNOWN |
| Ubuntu | 9.10 | noarch | samba-dbg | <Â 2:3.4.0-3ubuntu5.4 | UNKNOWN |
| Ubuntu | 9.10 | noarch | samba-tools | <Â 2:3.4.0-3ubuntu5.4 | UNKNOWN |
| Ubuntu | 9.10 | noarch | smbclient | <Â 2:3.4.0-3ubuntu5.4 | UNKNOWN |
Related
openvas
openvas
Samba 'mount.cifs' Utility Local Privilege Escalation Vulnerability
2010-01-29 00:00:00
Ubuntu: Security Advisory (USN-893-1)
2010-01-29 00:00:00
Debian: Security Advisory (DSA-2004-1)
2010-03-16 00:00:00
nessus
nessus
Fedora 12 : samba-3.4.5-55.fc12 (2010-1218)
2010-07-01 00:00:00
Debian DSA-2004-1 : samba - several vulnerabilities
2010-03-02 00:00:00
Fedora 12 : samba-3.4.9-60.fc12 (2010-14678)
2010-09-16 00:00:00
osv
osv
samba - several vulnerabilities
2010-02-28 00:00:00
fuse-2.9.5-1.6 on GA media
2024-06-15 00:00:00
cifs-utils-6.5-1.5 on GA media
2024-06-15 00:00:00
cve
cve
CVE-2009-3297
2010-03-02 18:30:00
CVE-2010-0787
2010-03-02 18:30:01
nvd
nvd
CVE-2009-3297
2010-03-02 18:30:00
CVE-2010-0787
2010-03-02 18:30:01
altlinux
altlinux
Security fix for the ALT Linux 5 package fuse version 2.8.2-alt1
2010-01-27 00:00:00
Security fix for the ALT Linux 6 package ncpfs version 2.2.6-alt9
2011-03-09 00:00:00
seebug
seebug
Samba 'mount.cifs'ćŹĺ°çšććĺćźć´
2010-02-02 00:00:00
fedora
fedora
[SECURITY] Fedora 11 Update: ncpfs-2.2.6-12.fc11
2010-01-28 01:03:13
[SECURITY] Fedora 12 Update: samba-3.4.5-55.fc12
2010-01-29 03:33:35
[SECURITY] Fedora 11 Update: fuse-2.8.1-2.fc11
2010-02-01 01:08:01
debian
debian
[SECURITY] [DSA-1989-1] New fuse packages fix denial of service
2010-02-02 22:57:09
[SECURITY] [DSA-1989-1] New fuse packages fix denial of service
2010-02-02 22:57:09
[SECURITY] [DSA 2004-1] New samba packages fix several vulnerabilities
2010-02-28 21:55:00
securityvulns
securityvulns
Samba race conditions
2010-02-04 00:00:00
[USN-893-1] Samba vulnerability
2010-02-04 00:00:00
ncpfs, Multiple Vulnerabilities
2010-03-11 00:00:00
cvelist
cvelist
CVE-2009-3297
2010-03-02 18:00:00
CVE-2010-0787
2010-03-02 18:00:00
ubuntucve
ubuntucve
CVE-2010-0787
2010-03-02 00:00:00
prion
prion
Directory traversal
2010-03-02 18:30:00
debiancve
debiancve
CVE-2010-0787
2010-03-02 18:30:01
veracode
veracode
Symlink Attack
2020-04-10 00:51:48
ubuntu
ubuntu
FUSE vulnerability
2010-01-28 00:00:00
gentoo
gentoo
mount-cifs: Multiple vulnerabilites
2012-06-25 00:00:00
suse
suse
potential remote code execution in samba
2010-07-01 11:11:15
Security update for Samba (critical)
2012-03-09 17:08:16
centos
centos
libsmbclient, samba security update
2011-08-29 21:13:06
redhat
redhat
(RHSA-2011:1219) Moderate: samba security update
2011-08-29 00:00:00
oraclelinux
oraclelinux
samba security update
2011-08-29 00:00:00
samba security, bug fix, and enhancement update
2012-03-01 00:00:00
vmware
vmware
VMware ESXi and ESX updates to third party library and ESX Service Console
2012-01-30 00:00:00
VMware ESXi and ESX updates to third party library and ESX Service Console
2012-01-30 00:00:00
CVSS2
4.4
Attack Vector
LOCAL
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:M/Au:N/C:P/I:P/A:P
AI Score
5.3
Confidence
High
EPSS
0.002
Percentile
59.8%
Related for USN-893-1