CVE-2009-2813

General

Score: 6.0/10.0
Severity: Medium
Category: Access Control Error
Exploit: Available

Impact Metrics

Confidentiality: Partial
Integrity: Partial
Availability: Partial

Exploitability Metrics

Access Vector: Network
Access Complexity: Medium
Authentication: Multiple

Related vulnerabilities

CVE-2007-2444, CVE-2007-2446, CVE-2007-2447, CVE-2008-1105, CVE-2008-2079, CVE-2008-3789, CVE-2008-4314, CVE-2008-5498, CVE-2008-6680, CVE-2009-0590, CVE-2009-0591, CVE-2009-0789, CVE-2009-0798, CVE-2009-0949, CVE-2009-1241, CVE-2009-1270, CVE-2009-1271, CVE-2009-1272, CVE-2009-1371, CVE-2009-1372, CVE-2009-1862, CVE-2009-1863, CVE-2009-1864, CVE-2009-1865, CVE-2009-1866, CVE-2009-1867, CVE-2009-1868, CVE-2009-1869, CVE-2009-1870, CVE-2009-1888, CVE-2009-2468, CVE-2009-2800, CVE-2009-2803, CVE-2009-2804, CVE-2009-2805, CVE-2009-2807, CVE-2009-2809, CVE-2009-2811, CVE-2009-2812, CVE-2009-2814, CVE-2009-2906, CVE-2009-2948, CVE-2009-3297, CVE-2010-0728, CVE-2010-3069, CVE-2011-0719, CVE-2011-2522, CVE-2011-2694, CVE-2012-0817, CVE-2012-1182, CVE-2012-2111, CVE-2012-6150, CVE-2013-0172, CVE-2013-0213, CVE-2013-0214, CVE-2013-4124, CVE-2013-4408, CVE-2013-4475, CVE-2013-4496, CVE-2013-6442, CVE-2014-0178, CVE-2014-0244, CVE-2014-3493, CVE-2014-3560, CVE-2015-0240, CVE-2015-3223, CVE-2015-5252, CVE-2015-5296, CVE-2015-5299, CVE-2015-5330, CVE-2015-5370, CVE-2015-7560, CVE-2016-2110, CVE-2016-2111, CVE-2016-2112, CVE-2016-2113, CVE-2016-2114, CVE-2016-2115, CVE-2016-2118, CVE-2016-2119, CVE-2016-2125, CVE-2016-2126, CVE-2017-12150, CVE-2017-12151, CVE-2017-12163, CVE-2017-14746, CVE-2017-15275, CVE-2017-2619, CVE-2017-7494, CVE-2018-1050, CVE-2018-10858, CVE-2018-1139

Published on 14/09/09 - Updated on 10/10/18

Description

Samba 3.4 before 3.4.2, 3.3 before 3.3.8, 3.2 before 3.2.15, and 3.0.12 through 3.0.36, as used in the SMB subsystem in Apple Mac OS X 10.5.8 when Windows File Sharing is enabled, Fedora 11, and other operating systems, does not properly handle errors in resolving pathnames, which allows remote authenticated users to bypass intended sharing restrictions, and read, create, or modify files, in certain circumstances involving user accounts that lack home directories.

Category: Access Control Error

CWE-264 (Permissions, Privileges, and Access Control)
Weaknesses in this category are related to the management of permissions, privileges, and other security features that are used to perform access control.

Security Notices

US National Vulnerability Database CVE-2009-2813
Agence Nationale de la Sécurité des Systèmes d'Information CERTA-2009-AVI-382, CERTA-2009-AVI-420, CERTA-2010-AVI-160
CentOS CESA-2009:1529
Oracle Linux ELSA-2017-0662, ELSA-2018-1860, ELSA-2018-3056
Redhat RHSA-2009:1529, RHSA-2009:1585
Renater 2009/VULN364, 2009/VULN404, 2009/VULN462, 2010/VULN112

Exploits

SecurityFocus BID-36363

Related technologies

Vendor          Product
apple           mac_os_x
apple           mac_os_x_server
fedoraproject   fedora
samba           samba
