1.9

CVE-2009-2948

mount.cifs in Samba 3.0 before 3.0.37, 3.2 before 3.2.15, 3.3 before 3.3.8 and 3.4 before 3.4.2, when mount.cifs is installed suid root, does not properly enforce permissions, which allows local users to read part of the credentials file and obtain the password by specifying the path to the credentials file and using the --verbose or -v option.

Data is provided by the National Vulnerability Database (NVD)
SambaSamba Version >= 3.0.0 < 3.0.37
SambaSamba Version >= 3.2.0 < 3.2.15
SambaSamba Version >= 3.3.0 < 3.3.8
SambaSamba Version >= 3.4.0 < 3.4.2
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 0.14% 0.354
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 1.9 3.4 2.9
AV:L/AC:M/Au:N/C:P/I:N/A:N
CWE-732 Incorrect Permission Assignment for Critical Resource

The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.

http://secunia.com/advisories/36918
Vendor Advisory
Not Applicable
http://news.samba.org/releases/3.0.37/
Vendor Advisory
Broken Link
http://news.samba.org/releases/3.2.15/
Vendor Advisory
Broken Link
http://news.samba.org/releases/3.3.8/
Vendor Advisory
Broken Link
http://news.samba.org/releases/3.4.2/
Vendor Advisory
Broken Link
http://secunia.com/advisories/36893
Vendor Advisory
Not Applicable
http://secunia.com/advisories/36937
Vendor Advisory
Not Applicable
http://secunia.com/advisories/36953
Vendor Advisory
Not Applicable
http://www.vupen.com/english/advisories/2009/2810
Vendor Advisory
Permissions Required
http://www.securityfocus.com/bid/36572
Patch
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id?1022975
Patch
Third Party Advisory
Broken Link
VDB Entry