

Samba multiple security vulnerabilities
Published: 14.10.2009
Source:
SecurityVulns ID: 10322
Type: remote
Threat Level: 6/10
Description: Local access to privileged files, DoS, unauthorized remote access.
Affected: SAMBA : Samba 3.0
 SAMBA : Samba 3.2
 SAMBA : Samba 3.1
 SAMBA : Samba 3.3
 SAMBA : Samba 3.4
CVE: CVE-2009-2948 (mount.cifs in Samba 3.0 before 3.0.37, 3.2 before 3.2.15, 3.3 before 3.3.8 and 3.4 before 3.4.2, when mount.cifs is installed suid root, does not properly enforce permissions, which allows local users to read part of the credentials file and obtain the password by specifying the path to the credentials file and using the --verbose or -v option.)
 CVE-2009-2906 (smbd in Samba 3.0 before 3.0.37, 3.2 before 3.2.15, 3.3 before 3.3.8, and 3.4 before 3.4.2 allows remote authenticated users to cause a denial of service (infinite loop) via an unanticipated oplock break notification reply packet.)
 CVE-2009-2813 (Samba 3.4 before 3.4.2, 3.3 before 3.3.8, 3.2 before 3.2.15, and 3.0.12 through 3.0.36, as used in the SMB subsystem in Apple Mac OS X 10.5.8 when Windows File Sharing is enabled, Fedora 11, and other operating systems, does not properly handle errors in resolving pathnames, which allows remote authenticated users to bypass intended sharing restrictions, and read, create, or modify files, in certain circumstances involving user accounts that lack home directories.)
Original document: DEBIAN, [SECURITY] [DSA 1908-1] New samba packages fix several vulnerabilities (14.10.2009)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod