Samba is vulnerable to information disclosure. The mount.cifs program printed CIFS passwords as part of its debug output when running in verbose mode. When mount.cifs had the setuid bit set, a local, unprivileged user could use this flaw to disclose passwords from a file that would otherwise be inaccessible to that user. Note: mount.cifs from the samba packages distributed by Red Hat does not have the setuid bit set. This flaw only affected systems where the setuid bit was manually set by an administrator.
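Since the flaw is only reachable when mount.cifs carries the setuid bit, a host can be audited by checking for that bit. The script below is an added example, not part of the original advisory; the candidate paths are assumed common install locations and the function names are illustrative.

```shell
#!/bin/sh
# Added example: audit mount.cifs for the setuid bit, the precondition
# named in the advisory text. Paths below are assumed install locations.
CIFS_CANDIDATES="/sbin/mount.cifs /usr/sbin/mount.cifs /bin/mount.cifs /usr/bin/mount.cifs"

# Print "missing", "setuid" or "not-setuid" for a single path.
setuid_state() {
    if [ ! -e "$1" ]; then
        echo "missing"
    elif [ -u "$1" ]; then
        echo "setuid"
    else
        echo "not-setuid"
    fi
}

# Report every existing candidate on stderr and print the number of
# setuid copies on stdout, so callers can act on the count.
audit_mount_cifs() {
    found=0
    for p in "$@"; do
        state=$(setuid_state "$p")
        if [ "$state" = "missing" ]; then
            continue
        fi
        echo "$p: $state" >&2
        if [ "$state" = "setuid" ]; then
            found=$((found + 1))
            # Clearing the bit removes the precondition described above.
            echo "  to clear the bit: chmod u-s $p" >&2
        fi
    done
    echo "$found"
}

# Run the audit over the assumed paths only when asked to.
if [ "${1:-}" = "--audit" ]; then
    # Word splitting of the path list is intentional here.
    audit_mount_cifs $CIFS_CANDIDATES
fi
```

Run it with `--audit`; a printed count of 0 means no setuid copy of mount.cifs was found at the checked paths.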
lists.opensuse.org/opensuse-security-announce/2009-10/msg00004.html
news.samba.org/releases/3.0.37/
news.samba.org/releases/3.2.15/
news.samba.org/releases/3.3.8/
news.samba.org/releases/3.4.2/
osvdb.org/58520
secunia.com/advisories/36893
secunia.com/advisories/36918
secunia.com/advisories/36937
secunia.com/advisories/36953
slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.561439
www.redhat.com/security/updates/classification/#moderate
www.samba.org/samba/security/CVE-2009-2948.html
www.securityfocus.com/bid/36572
www.securitytracker.com/id?1022975
www.ubuntu.com/usn/USN-839-1
www.vupen.com/english/advisories/2009/2810
access.redhat.com/errata/RHSA-2009:1529
exchange.xforce.ibmcloud.com/vulnerabilities/53574
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10434
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7087
www.redhat.com/archives/fedora-package-announce/2009-October/msg00095.html
www.redhat.com/archives/fedora-package-announce/2009-October/msg00098.html