FKIE_CVE-2009-2813

Vulnerability from fkie_nvd - Published: 2009-09-14 16:30 - Updated: 2025-04-09 00:30
Severity ?
Summary
Samba 3.4 before 3.4.2, 3.3 before 3.3.8, 3.2 before 3.2.15, and 3.0.12 through 3.0.36, as used in the SMB subsystem in Apple Mac OS X 10.5.8 when Windows File Sharing is enabled, Fedora 11, and other operating systems, does not properly handle errors in resolving pathnames, which allows remote authenticated users to bypass intended sharing restrictions, and read, create, or modify files, in certain circumstances involving user accounts that lack home directories.
References
cve@mitre.orghttp://lists.apple.com/archives/security-announce/2009/Sep/msg00004.html
cve@mitre.orghttp://lists.opensuse.org/opensuse-security-announce/2009-10/msg00004.html
cve@mitre.orghttp://marc.info/?l=bugtraq&m=126514298313071&w=2
cve@mitre.orghttp://news.samba.org/releases/3.0.37/
cve@mitre.orghttp://news.samba.org/releases/3.2.15/
cve@mitre.orghttp://news.samba.org/releases/3.3.8/
cve@mitre.orghttp://news.samba.org/releases/3.4.2/
cve@mitre.orghttp://osvdb.org/57955
cve@mitre.orghttp://secunia.com/advisories/36701Vendor Advisory
cve@mitre.orghttp://secunia.com/advisories/36893Vendor Advisory
cve@mitre.orghttp://secunia.com/advisories/36918Vendor Advisory
cve@mitre.orghttp://secunia.com/advisories/36937Vendor Advisory
cve@mitre.orghttp://secunia.com/advisories/36953Vendor Advisory
cve@mitre.orghttp://secunia.com/advisories/37428Vendor Advisory
cve@mitre.orghttp://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.561439
cve@mitre.orghttp://sunsolve.sun.com/search/document.do?assetkey=1-77-1021111.1-1
cve@mitre.orghttp://support.apple.com/kb/HT3865Vendor Advisory
cve@mitre.orghttp://wiki.rpath.com/Advisories:rPSA-2009-0145
cve@mitre.orghttp://www.samba.org/samba/security/CVE-2009-2813.htmlVendor Advisory
cve@mitre.orghttp://www.securityfocus.com/archive/1/507856/100/0/threaded
cve@mitre.orghttp://www.securityfocus.com/bid/36363
cve@mitre.orghttp://www.ubuntu.com/usn/USN-839-1
cve@mitre.orghttp://www.vupen.com/english/advisories/2009/2810Vendor Advisory
cve@mitre.orghttps://exchange.xforce.ibmcloud.com/vulnerabilities/53174
cve@mitre.orghttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7211
cve@mitre.orghttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7257
cve@mitre.orghttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7791
cve@mitre.orghttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9191
cve@mitre.orghttps://www.redhat.com/archives/fedora-package-announce/2009-October/msg00095.html
cve@mitre.orghttps://www.redhat.com/archives/fedora-package-announce/2009-October/msg00098.html
af854a3a-2127-422b-91ae-364da2661108http://lists.apple.com/archives/security-announce/2009/Sep/msg00004.html
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00004.html
af854a3a-2127-422b-91ae-364da2661108http://marc.info/?l=bugtraq&m=126514298313071&w=2
af854a3a-2127-422b-91ae-364da2661108http://news.samba.org/releases/3.0.37/
af854a3a-2127-422b-91ae-364da2661108http://news.samba.org/releases/3.2.15/
af854a3a-2127-422b-91ae-364da2661108http://news.samba.org/releases/3.3.8/
af854a3a-2127-422b-91ae-364da2661108http://news.samba.org/releases/3.4.2/
af854a3a-2127-422b-91ae-364da2661108http://osvdb.org/57955
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/36701Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/36893Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/36918Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/36937Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/36953Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/37428Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.561439
af854a3a-2127-422b-91ae-364da2661108http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021111.1-1
af854a3a-2127-422b-91ae-364da2661108http://support.apple.com/kb/HT3865Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://wiki.rpath.com/Advisories:rPSA-2009-0145
af854a3a-2127-422b-91ae-364da2661108http://www.samba.org/samba/security/CVE-2009-2813.htmlVendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/507856/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/36363
af854a3a-2127-422b-91ae-364da2661108http://www.ubuntu.com/usn/USN-839-1
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2009/2810Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/53174
af854a3a-2127-422b-91ae-364da2661108https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7211
af854a3a-2127-422b-91ae-364da2661108https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7257
af854a3a-2127-422b-91ae-364da2661108https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7791
af854a3a-2127-422b-91ae-364da2661108https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9191
af854a3a-2127-422b-91ae-364da2661108https://www.redhat.com/archives/fedora-package-announce/2009-October/msg00095.html
af854a3a-2127-422b-91ae-364da2661108https://www.redhat.com/archives/fedora-package-announce/2009-October/msg00098.html
Impacted products
Vendor Product Version
samba samba 3.0.12
samba samba 3.0.13
samba samba 3.0.14
samba samba 3.0.14a
samba samba 3.0.15
samba samba 3.0.16
samba samba 3.0.17
samba samba 3.0.18
samba samba 3.0.19
samba samba 3.0.20
samba samba 3.0.20a
samba samba 3.0.20b
samba samba 3.0.21
samba samba 3.0.21a
samba samba 3.0.21b
samba samba 3.0.21c
samba samba 3.0.22
samba samba 3.0.23
samba samba 3.0.23a
samba samba 3.0.23b
samba samba 3.0.23c
samba samba 3.0.23d
samba samba 3.0.24
samba samba 3.0.25
samba samba 3.0.25
samba samba 3.0.25
samba samba 3.0.25
samba samba 3.0.25
samba samba 3.0.25
samba samba 3.0.25a
samba samba 3.0.25b
samba samba 3.0.25c
samba samba 3.0.26
samba samba 3.0.26a
samba samba 3.0.27
samba samba 3.0.27a
samba samba 3.0.28
samba samba 3.0.28a
samba samba 3.0.29
samba samba 3.0.30
samba samba 3.0.31
samba samba 3.0.32
samba samba 3.0.33
samba samba 3.0.34
samba samba 3.0.35
samba samba 3.0.36
samba samba 3.2
samba samba 3.2.0
samba samba 3.2.1
samba samba 3.2.2
samba samba 3.2.3
samba samba 3.2.4
samba samba 3.2.5
samba samba 3.2.6
samba samba 3.2.7
samba samba 3.2.8
samba samba 3.2.9
samba samba 3.2.10
samba samba 3.2.11
samba samba 3.2.12
samba samba 3.2.13
samba samba 3.2.14
samba samba 3.2.15
samba samba 3.3
samba samba 3.3.0
samba samba 3.3.1
samba samba 3.3.2
samba samba 3.3.3
samba samba 3.3.4
samba samba 3.3.5
samba samba 3.3.6
samba samba 3.3.7
samba samba 3.4
samba samba 3.4.0
samba samba 3.4.1
apple mac_os_x 10.5.8
apple mac_os_x_server 10.5.8
fedoraproject fedora 11
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:samba:samba:3.0.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "50E05AD3-C7F0-421D-8C9B-604E553332E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:samba:samba:3.0.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "3A53517C-F12D-4D74-A722-5AE23598CEC4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:samba:samba:3.0.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "2BF4A0A7-E176-4009-BAA2-E23B330D91A6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:samba:samba:3.0.14a:*:*:*:*:*:*:*",
              "matchCriteriaId": "42EB6115-CC45-4464-8400-D7E3A9402803",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:samba:samba:3.0.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "58B06DAF-869F-481B-965D-70353581A6E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:samba:samba:3.0.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "FBF1A1D4-39DE-4227-A6E0-7E7817BDCCE9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:samba:samba:3.0.17:*:*:*:*:*:*:*",
              "matchCriteriaId": "84F0E277-09BD-4FA8-B2A3-7E83AD1656BD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:samba:samba:3.0.18:*:*:*:*:*:*:*",
              "matchCriteriaId": "9F260B05-3963-49BF-9D96-EB06722C5483",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:samba:samba:3.0.19:*:*:*:*:*:*:*",
              "matchCriteriaId": "59A7E91B-7B13-47E5-B8E6-CE7D6DC490F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:samba:samba:3.0.20:*:*:*:*:*:*:*",
              "matchCriteriaId": "F002F105-A911-4E56-8630-C287DC527E05",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:samba:samba:3.0.20a:*:*:*:*:*:*:*",
              "matchCriteriaId": "D1936E19-9887-4E53-AA0C-738ABD4B97EE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:samba:samba:3.0.20b:*:*:*:*:*:*:*",
              "matchCriteriaId": "A2206C09-6A4B-4EC4-A206-E48EDF966913",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:samba:samba:3.0.21:*:*:*:*:*:*:*",
              "matchCriteriaId": "0B918306-8743-404D-A035-CC3997ADCC3C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:samba:samba:3.0.21a:*:*:*:*:*:*:*",
              "matchCriteriaId": "43684906-D3AA-40FB-A75D-ED65C1DC9BB4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:samba:samba:3.0.21b:*:*:*:*:*:*:*",
              "matchCriteriaId": "62E39538-4811-49DB-97CF-1F018C58BAE4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:samba:samba:3.0.21c:*:*:*:*:*:*:*",
              "matchCriteriaId": "C85D69FE-AF43-4B0E-A7A9-2D2C16426180",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:samba:samba:3.0.22:*:*:*:*:*:*:*",
              "matchCriteriaId": "86347948-C08F-4F02-89A0-4F4A55CD4BA7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:samba:samba:3.0.23:*:*:*:*:*:*:*",
              "matchCriteriaId": "A908DA9D-A8BD-46BA-A71F-BFDEC0A1341E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:samba:samba:3.0.23a:*:*:*:*:*:*:*",
              "matchCriteriaId": "7CA7905C-51A0-4A56-A6A5-330288613055",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:samba:samba:3.0.23b:*:*:*:*:*:*:*",
              "matchCriteriaId": "4AE85033-0658-4D60-8C7A-6E2BD63AFDCF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:samba:samba:3.0.23c:*:*:*:*:*:*:*",
              "matchCriteriaId": "4600AAA4-834D-4F63-8E9A-88CB555C029E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:samba:samba:3.0.23d:*:*:*:*:*:*:*",
              "matchCriteriaId": "54FE8D2E-AF0D-4C84-A5BC-2CE6759B534C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:samba:samba:3.0.24:*:*:*:*:*:*:*",
              "matchCriteriaId": "8BFA3B82-9440-49E1-8088-FA22C0B7DD88",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:samba:samba:3.0.25:*:*:*:*:*:*:*",
              "matchCriteriaId": "0762B1DA-7232-478D-805F-5E2A50F8BEAB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:samba:samba:3.0.25:pre1:*:*:*:*:*:*",
              "matchCriteriaId": "9F22FC74-5999-4158-A253-674BF1C21E2F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:samba:samba:3.0.25:pre2:*:*:*:*:*:*",
              "matchCriteriaId": "0EEB31C4-5352-4905-8D9E-BD754991F07E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:samba:samba:3.0.25:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "B0BE2AEC-6ACD-422C-AD20-6C034D68C891",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:samba:samba:3.0.25:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "101163D7-D440-43CC-8704-A9614CD8CEE7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:samba:samba:3.0.25:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "F0E4811D-3387-4838-94A0-1BD7F3C9C3D5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:samba:samba:3.0.25a:*:*:*:*:*:*:*",
              "matchCriteriaId": "B69EA9CF-627C-4600-B4EC-10E91DB07E1B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:samba:samba:3.0.25b:*:*:*:*:*:*:*",
              "matchCriteriaId": "0AF740A1-0BEC-4E29-9C74-F1F906EF3EC4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:samba:samba:3.0.25c:*:*:*:*:*:*:*",
              "matchCriteriaId": "99A8D6D8-A207-498F-8DB2-EB7ED842CE1F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:samba:samba:3.0.26:*:*:*:*:*:*:*",
              "matchCriteriaId": "70BB5BA1-F499-40FC-80F6-B3CD2F1BB074",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:samba:samba:3.0.26a:*:*:*:*:*:*:*",
              "matchCriteriaId": "9A973443-C497-41FB-AF47-529AA2906CCF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:samba:samba:3.0.27:*:*:*:*:*:*:*",
              "matchCriteriaId": "4BEE83D0-8377-49FB-AC7D-3B5E9DB6918B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:samba:samba:3.0.27a:*:*:*:*:*:*:*",
              "matchCriteriaId": "DDC24403-E706-4073-A04D-53E1B79B59B3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:samba:samba:3.0.28:*:*:*:*:*:*:*",
              "matchCriteriaId": "42F2EB0A-249D-4E81-B459-A88AC60A1D39",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:samba:samba:3.0.28a:*:*:*:*:*:*:*",
              "matchCriteriaId": "8B3AA114-63C8-4B25-86BA-73C6933EE21F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:samba:samba:3.0.29:*:*:*:*:*:*:*",
              "matchCriteriaId": "EBEA8397-6E23-49FE-9555-39C9599C6362",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:samba:samba:3.0.30:*:*:*:*:*:*:*",
              "matchCriteriaId": "023C2353-750A-42FC-AC7E-115627E74AAB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:samba:samba:3.0.31:*:*:*:*:*:*:*",
              "matchCriteriaId": "F28A8721-CA4A-44E1-B740-0B4610374CF6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:samba:samba:3.0.32:*:*:*:*:*:*:*",
              "matchCriteriaId": "D93572BB-7F00-4137-A079-6FE96CD73F38",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:samba:samba:3.0.33:*:*:*:*:*:*:*",
              "matchCriteriaId": "0F0B13E8-EF18-4A3D-B228-C7FF128D1FD8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:samba:samba:3.0.34:*:*:*:*:*:*:*",
              "matchCriteriaId": "9B843321-9A8D-4541-9E54-58E2978E2437",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:samba:samba:3.0.35:*:*:*:*:*:*:*",
              "matchCriteriaId": "FBF36A20-3607-43A8-A4CC-169922BC0327",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:samba:samba:3.0.36:*:*:*:*:*:*:*",
              "matchCriteriaId": "EB71265E-60C4-4495-8B66-360E96B76FBD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:samba:samba:3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "FE530BB9-A3ED-4EBB-B8E5-86D4CC5A8C7A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:samba:samba:3.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "44746973-3CFD-4808-9545-755E296EFF6B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:samba:samba:3.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "31E4627C-5D19-4599-B304-D0E4D4193170",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:samba:samba:3.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "EEE162A7-969D-44D5-B9ED-764F20F19C87",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:samba:samba:3.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "28DF45AE-DF03-4321-A019-D3BBC16433B6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:samba:samba:3.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "64D87AD2-89F2-455F-916E-D404E6BD02C0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:samba:samba:3.2.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "6218AB51-DE71-40F3-8CBC-AF33586D36EF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:samba:samba:3.2.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "D02F8427-0DCC-48A9-A04F-939571D511E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:samba:samba:3.2.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "E4AEDE0A-B15C-4B0B-AFE9-4F96E5F71429",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:samba:samba:3.2.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "FC8A9943-6949-4B0A-9864-8B4696704098",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:samba:samba:3.2.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF1D6FEB-A3C8-41D1-B222-3AD11DB9C4AD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:samba:samba:3.2.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "4970BB40-085C-4069-B6F1-7E3726F1CFCF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:samba:samba:3.2.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "4F1E6CDA-36BF-4374-BBDF-B6DD52598AA4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:samba:samba:3.2.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "FA43C063-EBE1-4C61-9C9E-C84C3A594A52",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:samba:samba:3.2.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "6962B6DA-5D78-4702-9546-216971D03F40",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:samba:samba:3.2.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "39FAD067-8547-41E7-B1BC-74CC55D58AA2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:samba:samba:3.2.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "787C3CBF-5E4E-4727-950A-D99F15327CEE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:samba:samba:3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "6D9E86C9-14FE-4C55-A08F-9A0C555260ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:samba:samba:3.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9D4B0684-FDCC-4EE8-AABA-F71204167C81",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:samba:samba:3.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7172A430-F124-4200-88C2-8BE486BA5DDD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:samba:samba:3.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "D0EB9DC7-A196-48ED-893B-733E8CDA961F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:samba:samba:3.3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "27D03508-3D54-4D05-A5BC-6F8641B45C2E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:samba:samba:3.3.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "F235FA61-ECBB-45C8-A48D-FAF12A5E2EC7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:samba:samba:3.3.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "1B0E09D3-68FA-40C9-A478-53707E5F78BD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:samba:samba:3.3.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "66D41850-968D-431D-8075-EE9EFF013408",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:samba:samba:3.3.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "873A4A35-2CB0-4D55-B455-19D892776293",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:samba:samba:3.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "DDCD3046-85BB-40A6-A898-774833033891",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:samba:samba:3.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C78E2B3A-10C4-4226-A224-8D4AC792B2F5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:samba:samba:3.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "EFFCF854-E316-442F-A62F-ACC1CA4E9892",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:10.5.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "1335E35A-D381-4056-9E78-37BC6DF8AD98",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x_server:10.5.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "82B4CD59-9F37-4EF0-BA43-427CFD6E1329",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:11:*:*:*:*:*:*:*",
              "matchCriteriaId": "B3BB5EDB-520B-4DEF-B06E-65CA13152824",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Samba 3.4 before 3.4.2, 3.3 before 3.3.8, 3.2 before 3.2.15, and 3.0.12 through 3.0.36, as used in the SMB subsystem in Apple Mac OS X 10.5.8 when Windows File Sharing is enabled, Fedora 11, and other operating systems, does not properly handle errors in resolving pathnames, which allows remote authenticated users to bypass intended sharing restrictions, and read, create, or modify files, in certain circumstances involving user accounts that lack home directories."
    },
    {
      "lang": "es",
      "value": "Samba 3.4 en versiones anteriores a 3.4.2, 3.3 en versiones anteriores a 3.3.8, 3.2 en versiones anteriores a 3.2.15 y 3.0.12 hasta la versi\u00f3n 3.0.36, como es utilizado en el subsistema SMB en Apple Mac OS X 10.5.8 cuando Windows File Sharing est\u00e1 habilitado, Fedora 11 y otros sistemas operativos, no maneja adecuadamente errores al resolver nombres de ruta, lo que permite a usuarios remotos autenticados eludir las restricciones previstas para los recursos compartidos as\u00ed como, leer, crear o modificar archivos, en determinadas circunstancias que involucran a las cuentas de usuario que carecen de directorios de inicio."
    }
  ],
  "id": "CVE-2009-2813",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2009-09-14T16:30:00.453",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://lists.apple.com/archives/security-announce/2009/Sep/msg00004.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00004.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://marc.info/?l=bugtraq\u0026m=126514298313071\u0026w=2"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://news.samba.org/releases/3.0.37/"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://news.samba.org/releases/3.2.15/"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://news.samba.org/releases/3.3.8/"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://news.samba.org/releases/3.4.2/"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://osvdb.org/57955"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/36701"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/36893"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/36918"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/36937"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/36953"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/37428"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2009\u0026m=slackware-security.561439"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021111.1-1"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://support.apple.com/kb/HT3865"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://wiki.rpath.com/Advisories:rPSA-2009-0145"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.samba.org/samba/security/CVE-2009-2813.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/507856/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/36363"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.ubuntu.com/usn/USN-839-1"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2009/2810"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53174"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7211"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7257"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7791"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9191"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2009-October/msg00095.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2009-October/msg00098.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.apple.com/archives/security-announce/2009/Sep/msg00004.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00004.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=bugtraq\u0026m=126514298313071\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://news.samba.org/releases/3.0.37/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://news.samba.org/releases/3.2.15/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://news.samba.org/releases/3.3.8/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://news.samba.org/releases/3.4.2/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/57955"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/36701"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/36893"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/36918"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/36937"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/36953"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/37428"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2009\u0026m=slackware-security.561439"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021111.1-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://support.apple.com/kb/HT3865"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://wiki.rpath.com/Advisories:rPSA-2009-0145"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.samba.org/samba/security/CVE-2009-2813.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/507856/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/36363"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.ubuntu.com/usn/USN-839-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2009/2810"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53174"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7211"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7257"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7791"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9191"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2009-October/msg00095.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2009-October/msg00098.html"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-264"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.