CVE-2009-2948
UnknownEPSS 0.52%
Last modified
CVE-2009-2948 is a vulnerability of currently unknown severity. mount.cifs in Samba 3.0 before 3.0.37, 3.2 before 3.2.15, 3.3 before 3.3.8 and 3.4 before 3.4.2, when mount.cifs is installed suid root, does not properly enforce permissions, which allows local users to read part of the credentials file and obtain the password by specifying the path to the credentials file and using the --verbose or -v option.. EPSS estimates a 0.52% chance of exploitation in the next 30 days.
Description
mount.cifs in Samba 3.0 before 3.0.37, 3.2 before 3.2.15, 3.3 before 3.3.8 and 3.4 before 3.4.2, when mount.cifs is installed suid root, does not properly enforce permissions, which allows local users to read part of the credentials file and obtain the password by specifying the path to the credentials file and using the --verbose or -v option.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Samba | Samba | >= 3.0.0, < 3.0.37 |
| Samba | Samba | >= 3.2.0, < 3.2.15 |
| Samba | Samba | >= 3.3.0, < 3.3.8 |
| Samba | Samba | >= 3.4.0, < 3.4.2 |
References
- http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00004.htmlMailing List, Third Party Advisory
- http://news.samba.org/releases/3.0.37/Broken Link, Vendor Advisory
- http://news.samba.org/releases/3.2.15/Broken Link, Vendor Advisory
- http://news.samba.org/releases/3.3.8/Broken Link, Vendor Advisory
- http://news.samba.org/releases/3.4.2/Broken Link, Vendor Advisory
- http://osvdb.org/58520Broken Link
- http://secunia.com/advisories/36893Not Applicable, Vendor Advisory
- http://secunia.com/advisories/36918Not Applicable, Vendor Advisory
- http://secunia.com/advisories/36937Not Applicable, Vendor Advisory
- http://secunia.com/advisories/36953Not Applicable, Vendor Advisory
- http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.561439Patch, Third Party Advisory
- http://www.samba.org/samba/security/CVE-2009-2948.htmlPatch, Vendor Advisory
- http://www.securityfocus.com/bid/36572Patch, Third Party Advisory, VDB Entry
- http://www.securitytracker.com/id?1022975Broken Link, Patch, Third Party Advisory, VDB Entry
- http://www.ubuntu.com/usn/USN-839-1Third Party Advisory
- http://www.vupen.com/english/advisories/2009/2810Permissions Required, Vendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/53574Third Party Advisory, VDB Entry
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10434Broken Link, Third Party Advisory
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7087Broken Link, Third Party Advisory
- https://www.redhat.com/archives/fedora-package-announce/2009-October/msg00095.htmlPatch, Third Party Advisory
- https://www.redhat.com/archives/fedora-package-announce/2009-October/msg00098.htmlPatch, Third Party Advisory
- http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00004.htmlMailing List, Third Party Advisory
- http://news.samba.org/releases/3.0.37/Broken Link, Vendor Advisory
- http://news.samba.org/releases/3.2.15/Broken Link, Vendor Advisory
- http://news.samba.org/releases/3.3.8/Broken Link, Vendor Advisory
- http://news.samba.org/releases/3.4.2/Broken Link, Vendor Advisory
- http://osvdb.org/58520Broken Link
- http://secunia.com/advisories/36893Not Applicable, Vendor Advisory
- http://secunia.com/advisories/36918Not Applicable, Vendor Advisory
- http://secunia.com/advisories/36937Not Applicable, Vendor Advisory
- http://secunia.com/advisories/36953Not Applicable, Vendor Advisory
- http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.561439Patch, Third Party Advisory
- http://www.samba.org/samba/security/CVE-2009-2948.htmlPatch, Vendor Advisory
- http://www.securityfocus.com/bid/36572Patch, Third Party Advisory, VDB Entry
- http://www.securitytracker.com/id?1022975Broken Link, Patch, Third Party Advisory, VDB Entry
- http://www.ubuntu.com/usn/USN-839-1Third Party Advisory
- http://www.vupen.com/english/advisories/2009/2810Permissions Required, Vendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/53574Third Party Advisory, VDB Entry
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10434Broken Link, Third Party Advisory
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7087Broken Link, Third Party Advisory
- https://www.redhat.com/archives/fedora-package-announce/2009-October/msg00095.htmlPatch, Third Party Advisory
- https://www.redhat.com/archives/fedora-package-announce/2009-October/msg00098.htmlPatch, Third Party Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2009-2948?
mount.cifs in Samba 3.0 before 3.0.37, 3.2 before 3.2.15, 3.3 before 3.3.8 and 3.4 before 3.4.2, when mount.cifs is installed suid root, does not properly enforce permissions, which allows local users to read part of the credentials file and obtain the password by specifying the path to the credentials file and using the --verbose or -v option.
How severe is CVE-2009-2948?
Severity scoring for CVE-2009-2948 is pending analysis. The EPSS model estimates a 0.52% probability of exploitation in the next 30 days.
How do I fix CVE-2009-2948?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.
Are you affected by CVE-2009-2948?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST