CVE-2009-2813
First published: Mon Sep 14 2009(Updated: )
Samba 3.4 before 3.4.2, 3.3 before 3.3.8, 3.2 before 3.2.15, and 3.0.12 through 3.0.36, as used in the SMB subsystem in Apple Mac OS X 10.5.8 when Windows File Sharing is enabled, Fedora 11, and other operating systems, does not properly handle errors in resolving pathnames, which allows remote authenticated users to bypass intended sharing restrictions, and read, create, or modify files, in certain circumstances involving user accounts that lack home directories.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Fedora | =11 | |
| Samba | =3.0.12 | |
| Samba | =3.0.13 | |
| Samba | =3.0.14 | |
| Samba | =3.0.14a | |
| Samba | =3.0.15 | |
| Samba | =3.0.16 | |
| Samba | =3.0.17 | |
| Samba | =3.0.18 | |
| Samba | =3.0.19 | |
| Samba | =3.0.20 | |
| Samba | =3.0.20a | |
| Samba | =3.0.20b | |
| Samba | =3.0.21 | |
| Samba | =3.0.21a | |
| Samba | =3.0.21b | |
| Samba | =3.0.21c | |
| Samba | =3.0.22 | |
| Samba | =3.0.23 | |
| Samba | =3.0.23a | |
| Samba | =3.0.23b | |
| Samba | =3.0.23c | |
| Samba | =3.0.23d | |
| Samba | =3.0.24 | |
| Samba | =3.0.25 | |
| Samba | =3.0.25-pre1 | |
| Samba | =3.0.25-pre2 | |
| Samba | =3.0.25-rc1 | |
| Samba | =3.0.25-rc2 | |
| Samba | =3.0.25-rc3 | |
| Samba | =3.0.25a | |
| Samba | =3.0.25b | |
| Samba | =3.0.25c | |
| Samba | =3.0.26 | |
| Samba | =3.0.26a | |
| Samba | =3.0.27 | |
| Samba | =3.0.27a | |
| Samba | =3.0.28 | |
| Samba | =3.0.28a | |
| Samba | =3.0.29 | |
| Samba | =3.0.30 | |
| Samba | =3.0.31 | |
| Samba | =3.0.32 | |
| Samba | =3.0.33 | |
| Samba | =3.0.34 | |
| Samba | =3.0.35 | |
| Samba | =3.0.36 | |
| Samba | =3.2 | |
| Samba | =3.2.0 | |
| Samba | =3.2.1 | |
| Samba | =3.2.2 | |
| Samba | =3.2.3 | |
| Samba | =3.2.4 | |
| Samba | =3.2.5 | |
| Samba | =3.2.6 | |
| Samba | =3.2.7 | |
| Samba | =3.2.8 | |
| Samba | =3.2.9 | |
| Samba | =3.2.10 | |
| Samba | =3.2.11 | |
| Samba | =3.2.12 | |
| Samba | =3.2.13 | |
| Samba | =3.2.14 | |
| Samba | =3.2.15 | |
| Samba | =3.3 | |
| Samba | =3.3.0 | |
| Samba | =3.3.1 | |
| Samba | =3.3.2 | |
| Samba | =3.3.3 | |
| Samba | =3.3.4 | |
| Samba | =3.3.5 | |
| Samba | =3.3.6 | |
| Samba | =3.3.7 | |
| Samba | =3.4 | |
| Samba | =3.4.0 | |
| Samba | =3.4.1 | |
| Apple iOS and macOS | =10.5.8 | |
| Apple macOS Server | =10.5.8 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://secunia.com/advisories/36701
- http://lists.apple.com/archives/security-announce/2009/Sep/msg00004.html
- http://support.apple.com/kb/HT3865
- http://secunia.com/advisories/36893
- http://news.samba.org/releases/3.2.15/
- http://secunia.com/advisories/36918
- https://www.redhat.com/archives/fedora-package-announce/2009-October/msg00095.html
- http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.561439
- http://secunia.com/advisories/36937
- http://secunia.com/advisories/36953
- http://news.samba.org/releases/3.4.2/
- http://www.samba.org/samba/security/CVE-2009-2813.html
- https://www.redhat.com/archives/fedora-package-announce/2009-October/msg00098.html
- http://www.vupen.com/english/advisories/2009/2810
- http://www.ubuntu.com/usn/USN-839-1
- http://news.samba.org/releases/3.0.37/
- http://news.samba.org/releases/3.3.8/
- http://wiki.rpath.com/Advisories:rPSA-2009-0145
- http://secunia.com/advisories/37428
- http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00004.html
- http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021111.1-1
- http://osvdb.org/57955
- http://www.securityfocus.com/bid/36363
- http://marc.info/?l=bugtraq&m=126514298313071&w=2
- https://exchange.xforce.ibmcloud.com/vulnerabilities/53174
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9191
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7791
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7257
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7211
- http://www.securityfocus.com/archive/1/507856/100/0/threaded
Frequently Asked Questions
What is the severity of CVE-2009-2813?
CVE-2009-2813 has been rated as a high severity vulnerability due to its potential for remote authentication bypass.
How do I fix CVE-2009-2813?
To fix CVE-2009-2813, update Samba to version 3.4.2 or a later version that addresses this vulnerability.
What are the affected versions for CVE-2009-2813?
CVE-2009-2813 affects Samba versions 3.0.12 to 3.0.36, 3.2 prior to 3.2.15, 3.3 prior to 3.3.8, and 3.4 prior to 3.4.2.
Which operating systems are impacted by CVE-2009-2813?
CVE-2009-2813 impacts multiple operating systems including Apple Mac OS X 10.5.8 and Fedora 11.
Can CVE-2009-2813 be exploited remotely?
Yes, CVE-2009-2813 can be exploited remotely if Windows File Sharing is enabled on the affected systems.
- agent/references
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/severity
- agent/author
- agent/last-modified-date
- agent/description
- agent/event
- agent/first-publish-date
- agent/source
- collector/nvd-historical
- agent/software-canonical-lookup-request
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- vendor/fedoraproject
- canonical/fedora
- version/fedora/11
- vendor/samba
- canonical/samba
- version/samba/3.0.12
- version/samba/3.0.13
- version/samba/3.0.14
- version/samba/3.0.14a
- version/samba/3.0.15
- version/samba/3.0.16
- version/samba/3.0.17
- version/samba/3.0.18
- version/samba/3.0.19
- version/samba/3.0.20
- version/samba/3.0.20a
- version/samba/3.0.20b
- version/samba/3.0.21
- version/samba/3.0.21a
- version/samba/3.0.21b
- version/samba/3.0.21c
- version/samba/3.0.22
- version/samba/3.0.23
- version/samba/3.0.23a
- version/samba/3.0.23b
- version/samba/3.0.23c
- version/samba/3.0.23d
- version/samba/3.0.24
- version/samba/3.0.25
- version/samba/3.0.25-pre1
- version/samba/3.0.25-pre2
- version/samba/3.0.25-rc1
- version/samba/3.0.25-rc2
- version/samba/3.0.25-rc3
- version/samba/3.0.25a
- version/samba/3.0.25b
- version/samba/3.0.25c
- version/samba/3.0.26
- version/samba/3.0.26a
- version/samba/3.0.27
- version/samba/3.0.27a
- version/samba/3.0.28
- version/samba/3.0.28a
- version/samba/3.0.29
- version/samba/3.0.30
- version/samba/3.0.31
- version/samba/3.0.32
- version/samba/3.0.33
- version/samba/3.0.34
- version/samba/3.0.35
- version/samba/3.0.36
- version/samba/3.2
- version/samba/3.2.0
- version/samba/3.2.1
- version/samba/3.2.2
- version/samba/3.2.3
- version/samba/3.2.4
- version/samba/3.2.5
- version/samba/3.2.6
- version/samba/3.2.7
- version/samba/3.2.8
- version/samba/3.2.9
- version/samba/3.2.10
- version/samba/3.2.11
- version/samba/3.2.12
- version/samba/3.2.13
- version/samba/3.2.14
- version/samba/3.2.15
- version/samba/3.3
- version/samba/3.3.0
- version/samba/3.3.1
- version/samba/3.3.2
- version/samba/3.3.3
- version/samba/3.3.4
- version/samba/3.3.5
- version/samba/3.3.6
- version/samba/3.3.7
- version/samba/3.4
- version/samba/3.4.0
- version/samba/3.4.1
- vendor/apple
- canonical/apple ios and macos
- version/apple ios and macos/10.5.8
- canonical/apple macos server
- version/apple macos server/10.5.8