Candidate: CVE-2009-2813
PublicDate: 2009-09-14
References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2813
http://lists.apple.com/archives/security-announce/2009/Sep/msg00004.html
http://www.ubuntu.com/usn/usn-839-1
Description:
Samba 3.4 before 3.4.2, 3.3 before 3.3.8, 3.2 before 3.2.15, and 3.0.12
through 3.0.36, as used in the SMB subsystem in Apple Mac OS X 10.5.8 when
Windows File Sharing is enabled, Fedora 11, and other operating systems,
does not properly handle errors in resolving pathnames, which allows remote
authenticated users to bypass intended sharing restrictions, and read,
create, or modify files, in certain circumstances involving user accounts
that lack home directories.
Ubuntu-Description:
Notes:
jdstrand> from Apple's security announce: "An unchecked error condition exists
in Samba. A user who does not have a configured home directory, and connects
to the Windows File Sharing service, will be able to access the contents of
the file system, subject to local file system permissions. This update
addresses the issue by improving the handling of path resolution errors."
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
Patches_samba:
upstream_samba: needs-triage
dapper_samba: released (3.0.22-1ubuntu3.9)
hardy_samba: released (3.0.28a-1ubuntu4.9)
intrepid_samba: released (2:3.2.3-1ubuntu3.6)
jaunty_samba: released (2:3.3.2-1ubuntu3.2)
devel_samba: released (2:3.4.0-3ubuntu5)