Rapid7 Vulnerability & Exploit Database

Samba CVE-2009-2948: Information disclosure by setuid mount.cifs

Free InsightVM Trial No credit card necessary

Watch Demo See how it all works

Back to Search

Samba CVE-2009-2948: Information disclosure by setuid mount.cifs

Severity

CVSS

(AV:L/AC:M/Au:N/C:P/I:N/A:N)

Published

10/07/2009

Created

07/25/2018

Added

11/13/2013

Modified

05/04/2018

Description

mount.cifs in Samba 3.0 before 3.0.37, 3.2 before 3.2.15, 3.3 before 3.3.8 and 3.4 before 3.4.2, when mount.cifs is installed suid root, does not properly enforce permissions, which allows local users to read part of the credentials file and obtain the password by specifying the path to the credentials file and using the --verbose or -v option.

Solution(s)

samba-upgrade-3_0_37
samba-upgrade-3_2_15
samba-upgrade-3_3_8
samba-upgrade-3_4_2

References

https://attackerkb.com/topics/cve-2009-2948
36572
CVE - 2009-2948
OVAL10434
OVAL7087
http://www.samba.org/samba/security/CVE-2009-2948.html
53574

Advanced vulnerability management analytics and reporting.

Key Features

Free InsightVM Trial View All Features

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;

Rapid7 Vulnerability & Exploit Database

Samba CVE-2009-2948: Information disclosure by setuid mount.cifs

Samba CVE-2009-2948: Information disclosure by setuid mount.cifs

Description

Solution(s)

References

Success! Thank you for submission. We will be in touch shortly.

Oops! There was a problem in submission. Please try again.

Submit your information and we will get in touch with you.