1.9

CVE-2009-2948

mount.cifs in Samba 3.0 before 3.0.37, 3.2 before 3.2.15, 3.3 before 3.3.8 and 3.4 before 3.4.2, when mount.cifs is installed suid root, does not properly enforce permissions, which allows local users to read part of the credentials file and obtain the password by specifying the path to the credentials file and using the --verbose or -v option.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
SambaSamba Version >= 3.0.0 < 3.0.37
SambaSamba Version >= 3.2.0 < 3.2.15
SambaSamba Version >= 3.3.0 < 3.3.8
SambaSamba Version >= 3.4.0 < 3.4.2
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.52% 0.399
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 1.9 3.4 2.9
AV:L/AC:M/Au:N/C:P/I:N/A:N
CWE-732 Incorrect Permission Assignment for Critical Resource

The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.

http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00004.html
Third Party Advisory
Mailing List
http://secunia.com/advisories/36918
Vendor Advisory
Not Applicable
http://www.ubuntu.com/usn/USN-839-1
Third Party Advisory
http://news.samba.org/releases/3.0.37/
Vendor Advisory
Broken Link
http://news.samba.org/releases/3.2.15/
Vendor Advisory
Broken Link
http://news.samba.org/releases/3.3.8/
Vendor Advisory
Broken Link
http://news.samba.org/releases/3.4.2/
Vendor Advisory
Broken Link
http://secunia.com/advisories/36893
Vendor Advisory
Not Applicable
http://secunia.com/advisories/36937
Vendor Advisory
Not Applicable
http://secunia.com/advisories/36953
Vendor Advisory
Not Applicable
http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.561439
Patch
Third Party Advisory
http://www.vupen.com/english/advisories/2009/2810
Vendor Advisory
Permissions Required
https://www.redhat.com/archives/fedora-package-announce/2009-October/msg00095.html
Patch
Third Party Advisory
https://www.redhat.com/archives/fedora-package-announce/2009-October/msg00098.html
Patch
Third Party Advisory
http://osvdb.org/58520
Broken Link
http://www.samba.org/samba/security/CVE-2009-2948.html
Patch
Vendor Advisory
http://www.securityfocus.com/bid/36572
Patch
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id?1022975
Patch
Third Party Advisory
Broken Link
VDB Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/53574
Third Party Advisory
VDB Entry
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10434
Third Party Advisory
Broken Link
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7087
Third Party Advisory
Broken Link