CVE-2009-0022 — Improper Input Validation in Samba

CWE-20 — Improper Input Validation8 documents7 sources

Severity

6.3MEDIUMNVD

EPSS

4.4%

top 10.95%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Samba Debian Samba

Timeline

PublishedJan 5

Latest updateMay 2

Description

Samba 3.2.0 through 3.2.6, when registry shares are enabled, allows remote authenticated users to access the root filesystem via a crafted connection request that specifies a blank share name.

CVSS vector

AV:N/AC:M/C:C/I:N/A:NExploitability: 6.8 | Impact: 6.9

Affected Packages3 packages

▶debiandebian/samba< samba 2:3.2.5-3 (bookworm)

▶Debiansamba/samba< 2:3.2.5-3+3

▶NVDsamba/samba7 versions+6

🔴Vulnerability Details

GHSA

GHSA-9j75-qv5f-pwv3: Samba 3↗2022-05-02

▶

OSV

CVE-2009-0022: Samba 3↗2009-01-05

▶

📋Vendor Advisories

Red Hat

samba: potential access to "/" in setups with registry shares enabled↗2009-01-05

▶

Ubuntu

Samba vulnerability↗2009-01-05

▶

Debian

CVE-2009-0022: samba - Samba 3.2.0 through 3.2.6, when registry shares are enabled, allows remote authe...↗2009

▶

💬Community

Bugzilla

Moodle: Multiple security fixes in 1.9.7 and 1.8.11 upstream releases↗2009-12-06

▶

Bugzilla

CVE-2009-0022 samba: potential access to "/" in setups with registry shares enabled↗2009-01-07

▶