Access Restriction Bypass Affecting samba package, versions <2:3.4.2-1


Severity

Recommended
medium

Based on Debian security rating.

Threat Intelligence

EPSS
0.08% (37th percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • Snyk IDSNYK-DEBIANUNSTABLE-SAMBA-357611
  • published7 Oct 2009
  • disclosed7 Oct 2009

Introduced: 7 Oct 2009

CVE-2009-2948  (opens in a new tab)
CWE-264  (opens in a new tab)

How to fix?

Upgrade Debian:unstable samba to version 2:3.4.2-1 or higher.

NVD Description

Note: Versions mentioned in the description apply only to the upstream samba package and not the samba package as distributed by Debian. See How to fix? for Debian:unstable relevant fixed versions and status.

mount.cifs in Samba 3.0 before 3.0.37, 3.2 before 3.2.15, 3.3 before 3.3.8 and 3.4 before 3.4.2, when mount.cifs is installed suid root, does not properly enforce permissions, which allows local users to read part of the credentials file and obtain the password by specifying the path to the credentials file and using the --verbose or -v option.

CVSS Scores

version 3.1