CVE-2009-2813 — Apple MAC OS X vulnerability

CWE-2648 documents8 sources

Severity

6.0MEDIUMNVD

EPSS

0.8%

top 25.12%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Samba Apple MAC OS X Apple MAC OS X Server +1 more

Timeline

PublishedSep 14

Latest updateMay 2

Description

Samba 3.4 before 3.4.2, 3.3 before 3.3.8, 3.2 before 3.2.15, and 3.0.12 through 3.0.36, as used in the SMB subsystem in Apple Mac OS X 10.5.8 when Windows File Sharing is enabled, Fedora 11, and other operating systems, does not properly handle errors in resolving pathnames, which allows remote authenticated users to bypass intended sharing restrictions, and read, create, or modify files, in certain circumstances involving user accounts that lack home directories.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 6.8 | Impact: 6.4

Affected Packages4 packages

▶Debiansamba/samba< 2:3.4.2-1+3

▶NVDsamba/samba70 versions+69

▶NVDapple/mac_os_x10.5.8

▶NVDapple/mac_os_x_server10.5.8

Also affects: Fedora 11

🔴Vulnerability Details

GHSA

GHSA-2hg7-9ph2-q8p9: Samba 3↗2022-05-02

▶

CVEList

CVE-2009-2813: Samba 3↗2009-09-14

▶

OSV

CVE-2009-2813: Samba 3↗2009-09-14

▶

📋Vendor Advisories

Ubuntu

Samba vulnerabilities↗2009-10-01

▶

Red Hat

Samba: Share restriction bypass via home-less directory user account(s)↗2009-09-10

▶

Debian

CVE-2009-2813: samba - Samba 3.4 before 3.4.2, 3.3 before 3.3.8, 3.2 before 3.2.15, and 3.0.12 through ...↗2009

▶

💬Community

Bugzilla

CVE-2009-2813 Samba: Share restriction bypass via home-less directory user account(s)↗2009-09-16

▶