CVE-2009-2813

NameCVE-2009-2813
DescriptionSamba 3.4 before 3.4.2, 3.3 before 3.3.8, 3.2 before 3.2.15, and 3.0.12 through 3.0.36, as used in the SMB subsystem in Apple Mac OS X 10.5.8 when Windows File Sharing is enabled, Fedora 11, and other operating systems, does not properly handle errors in resolving pathnames, which allows remote authenticated users to bypass intended sharing restrictions, and read, create, or modify files, in certain circumstances involving user accounts that lack home directories.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SuSE, Mageia, GitHub code/issues, web search, more)
ReferencesDSA-1908-1
NVD severitymedium (attack range: remote)
Debian Bugs550422

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
samba (PTS)wheezy2:3.6.6-6+deb7u7fixed
wheezy (security)2:3.6.6-6+deb7u15fixed
jessie (security), jessie2:4.2.14+dfsg-0+deb8u9fixed
stretch (security), stretch2:4.5.12+dfsg-2+deb9u1fixed
buster, sid2:4.7.3+dfsg-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
sambasource(unstable)2:3.4.2-1medium550422
sambasourcelenny2:3.2.5-4lenny7mediumDSA-1908-1

Notes

requires an administrator to manually configure a user account without
a home dir, otherwise, this is ineffective

Search for package or bug name: Reporting problems