CVE-2009-2813

Published: Sep 14, 2009Modified: Apr 23, 2026

6.0

Vector

AV:N/AC:M/Au:S/C:P/I:P/A:P

Exploitability: 6.8 / Impact: 6.4

Source: NVD

Description

Samba 3.4 before 3.4.2, 3.3 before 3.3.8, 3.2 before 3.2.15, and 3.0.12 through 3.0.36, as used in the SMB subsystem in Apple Mac OS X 10.5.8 when Windows File Sharing is enabled, Fedora 11, and other operating systems, does not properly handle errors in resolving pathnames, which allows remote authenticated users to bypass intended sharing restrictions, and read, create, or modify files, in certain circumstances involving user accounts that lack home directories.

Affected (78)

Products: Samba: Samba · Apple: Mac Os X, Mac Os X Server · Fedoraproject: Fedora

1 product

2 products

1 product

Configuration A

77 vulnerable

Vulnerable Software	Affected Versions
Samba Samba	Version 3.0.12
Samba Samba	Version 3.0.13
Samba Samba	Version 3.0.14
Samba Samba	Version 3.0.14a
Samba Samba	Version 3.0.15
Samba Samba	Version 3.0.16
Samba Samba	Version 3.0.17
Samba Samba	Version 3.0.18
Samba Samba	Version 3.0.19
Samba Samba	Version 3.0.20
Samba Samba	Version 3.0.20a
Samba Samba	Version 3.0.20b
Samba Samba	Version 3.0.21
Samba Samba	Version 3.0.21a
Samba Samba	Version 3.0.21b
Samba Samba	Version 3.0.21c
Samba Samba	Version 3.0.22
Samba Samba	Version 3.0.23
Samba Samba	Version 3.0.23a
Samba Samba	Version 3.0.23b
Samba Samba	Version 3.0.23c
Samba Samba	Version 3.0.23d
Samba Samba	Version 3.0.24
Samba Samba	Version 3.0.25
Samba Samba	Version 3.0.25 pre1
Samba Samba	Version 3.0.25 pre2
Samba Samba	Version 3.0.25 rc1
Samba Samba	Version 3.0.25 rc2
Samba Samba	Version 3.0.25 rc3
Samba Samba	Version 3.0.25a
Samba Samba	Version 3.0.25b
Samba Samba	Version 3.0.25c
Samba Samba	Version 3.0.26
Samba Samba	Version 3.0.26a
Samba Samba	Version 3.0.27
Samba Samba	Version 3.0.27a
Samba Samba	Version 3.0.28
Samba Samba	Version 3.0.28a
Samba Samba	Version 3.0.29
Samba Samba	Version 3.0.30
Samba Samba	Version 3.0.31
Samba Samba	Version 3.0.32
Samba Samba	Version 3.0.33
Samba Samba	Version 3.0.34
Samba Samba	Version 3.0.35
Samba Samba	Version 3.0.36
Samba Samba	Version 3.2.0
Samba Samba	Version 3.2.10
Samba Samba	Version 3.2.11
Samba Samba	Version 3.2.12
Samba Samba	Version 3.2.13
Samba Samba	Version 3.2.14
Samba Samba	Version 3.2.15
Samba Samba	Version 3.2.1
Samba Samba	Version 3.2.2
Samba Samba	Version 3.2.3
Samba Samba	Version 3.2.4
Samba Samba	Version 3.2.5
Samba Samba	Version 3.2.6
Samba Samba	Version 3.2.7
Samba Samba	Version 3.2.8
Samba Samba	Version 3.2.9
Samba Samba	Version 3.2
Samba Samba	Version 3.3.0
Samba Samba	Version 3.3.1
Samba Samba	Version 3.3.2
Samba Samba	Version 3.3.3
Samba Samba	Version 3.3.4
Samba Samba	Version 3.3.5
Samba Samba	Version 3.3.6
Samba Samba	Version 3.3.7
Samba Samba	Version 3.3
Samba Samba	Version 3.4.0
Samba Samba	Version 3.4.1
Samba Samba	Version 3.4
Apple Mac Os X	Version 10.5.8
Apple Mac Os X Server	Version 10.5.8

Configuration B

1 vulnerable

Vulnerable Software	Affected Versions
Fedoraproject Fedora	Version 11

Related CWEs

CWE-264

References (60)

http://lists.apple.com/archives/security-announce/2009/Sep/msg00004.html

Source: cve@mitre.org

http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00004.html

Source: cve@mitre.org

http://marc.info/?l=bugtraq&m=126514298313071&w=2

Source: cve@mitre.org

http://news.samba.org/releases/3.0.37/

Source: cve@mitre.org

http://news.samba.org/releases/3.2.15/

Source: cve@mitre.org

http://news.samba.org/releases/3.3.8/

Source: cve@mitre.org

http://news.samba.org/releases/3.4.2/

Source: cve@mitre.org

http://osvdb.org/57955

Source: cve@mitre.org

http://secunia.com/advisories/36701

Source: cve@mitre.org

Vendor Advisory

http://secunia.com/advisories/36893

Source: cve@mitre.org

Vendor Advisory

http://secunia.com/advisories/36918

Source: cve@mitre.org

Vendor Advisory

http://secunia.com/advisories/36937

Source: cve@mitre.org

Vendor Advisory

http://secunia.com/advisories/36953

Source: cve@mitre.org

Vendor Advisory

http://secunia.com/advisories/37428

Source: cve@mitre.org

Vendor Advisory

http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.561439

Source: cve@mitre.org

http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021111.1-1

Source: cve@mitre.org

http://support.apple.com/kb/HT3865

Source: cve@mitre.org

Vendor Advisory

http://wiki.rpath.com/Advisories:rPSA-2009-0145

Source: cve@mitre.org

http://www.samba.org/samba/security/CVE-2009-2813.html

Source: cve@mitre.org

Vendor Advisory

http://www.securityfocus.com/archive/1/507856/100/0/threaded

Source: cve@mitre.org

http://www.securityfocus.com/bid/36363

Source: cve@mitre.org

http://www.ubuntu.com/usn/USN-839-1

Source: cve@mitre.org

http://www.vupen.com/english/advisories/2009/2810

Source: cve@mitre.org

Vendor Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/53174

Source: cve@mitre.org

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7211

Source: cve@mitre.org

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7257

Source: cve@mitre.org

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7791

Source: cve@mitre.org

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9191

Source: cve@mitre.org

https://www.redhat.com/archives/fedora-package-announce/2009-October/msg00095.html

Source: cve@mitre.org

https://www.redhat.com/archives/fedora-package-announce/2009-October/msg00098.html

Source: cve@mitre.org

http://lists.apple.com/archives/security-announce/2009/Sep/msg00004.html