MEDIUM · 6.0

CVE-2009-2813


Vulnerability Description

Samba 3.4 before 3.4.2, 3.3 before 3.3.8, 3.2 before 3.2.15, and 3.0.12 through 3.0.36, as used in the SMB subsystem in Apple Mac OS X 10.5.8 when Windows File Sharing is enabled, Fedora 11, and other operating systems, does not properly handle errors in resolving pathnames, which allows remote authenticated users to bypass intended sharing restrictions, and read, create, or modify files, in certain circumstances involving user accounts that lack home directories.

CVSS Score

6.0 MEDIUM

Vector: AV:N/AC:M/Au:S/C:P/I:P/A:P
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL

Affected Products

Vendor          Product          Versions
Samba           Samba            3.0.12
Apple           Mac Os X         10.5.8
Apple           Mac Os X Server  10.5.8
Fedoraproject   Fedora           11

Related Weaknesses (CWE)

References

FAQ

What is CVE-2009-2813?

CVE-2009-2813 is a vulnerability with a CVSS score of 6.0 (MEDIUM). Samba 3.4 before 3.4.2, 3.3 before 3.3.8, 3.2 before 3.2.15, and 3.0.12 through 3.0.36, as used in the SMB subsystem in Apple Mac OS X 10.5.8 when Windows File Sharing is enabled, Fedora 11, and other...

How severe is CVE-2009-2813?

CVE-2009-2813 has been rated MEDIUM with a CVSS base score of 6.0/10. Review the CVSS metrics above for a detailed severity breakdown.

Is there a patch for CVE-2009-2813?

Check the references section above for vendor advisories and patch information. Affected products include: Samba Samba, Apple Mac Os X, Apple Mac Os X Server, Fedoraproject Fedora.