CVE-2009-2948
samba: information disclosure in suid mount.cifs
Descriptions
mount.cifs in Samba 3.0 before 3.0.37, 3.2 before 3.2.15, 3.3 before 3.3.8 and 3.4 before 3.4.2, when mount.cifs is installed suid root, does not properly enforce permissions, which allows local users to read part of the credentials file and obtain the password by specifying the path to the credentials file and using the --verbose or -v option.
Timeline
- 2009-08-23 CVE Reserved
- 2009-10-02 CVE Published
- 2024-08-07 CVE Updated
- 2024-10-20 EPSS Updated
CWE
- CWE-732: Incorrect Permission Assignment for Critical Resource
References (22)
URL | Tag | Source |
---|---|---|
http://osvdb.org/58520 | Broken Link | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/53574 | Third Party Advisory | |
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10434 | Broken Link | |
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7087 | Broken Link | |

URL | Date | SRC |
---|---|---|
http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00004.html | 2022-10-31 | |
http://news.samba.org/releases/3.0.37 | 2022-10-31 | |
http://news.samba.org/releases/3.2.15 | 2022-10-31 | |
http://news.samba.org/releases/3.3.8 | 2022-10-31 | |
http://news.samba.org/releases/3.4.2 | 2022-10-31 | |
http://secunia.com/advisories/36893 | 2022-10-31 | |
http://secunia.com/advisories/36918 | 2022-10-31 | |
http://secunia.com/advisories/36937 | 2022-10-31 | |
http://secunia.com/advisories/36953 | 2022-10-31 | |
http://www.ubuntu.com/usn/USN-839-1 | 2022-10-31 | |
https://access.redhat.com/security/cve/CVE-2009-2948 | 2009-11-16 | |
https://bugzilla.redhat.com/show_bug.cgi?id=526074 | 2009-11-16 | |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Samba | Samba | >= 3.0.0 < 3.0.37 | - | Affected |
Samba | Samba | >= 3.2.0 < 3.2.15 | - | Affected |
Samba | Samba | >= 3.3.0 < 3.3.8 | - | Affected |
Samba | Samba | >= 3.4.0 < 3.4.2 | - | Affected |