|
|
| |
|
| |
samba: several vulnerabilities
| Package(s): | samba |
CVE #(s): | CVE-2009-2813
CVE-2009-2906
CVE-2009-2948
|
| Created: | October 2, 2009 |
Updated: | March 10, 2010 |
| Description: |
From the Ubuntu advisory:
J. David Hester discovered that Samba incorrectly handled users that lack
home directories when the automated [homes] share is enabled. An
authenticated user could connect to that share name and gain access to the
whole filesystem. (CVE-2009-2813)
Tim Prouty discovered that the smbd daemon in Samba incorrectly handled
certain unexpected network replies. A remote attacker could send malicious
replies to the server and cause smbd to use all available CPU, leading to a
denial of service. (CVE-2009-2906)
Ronald Volgers discovered that the mount.cifs utility, when installed as a
setuid program, would not verify user permissions before opening a
credentials file. A local user could exploit this to use or read the
contents of unauthorized credential files. (CVE-2009-2948)
|
| Alerts: |
|
( Log in to post comments)
|
|
|