Summary
Samba is prone to multiple vulnerabilities including a vulnerability that may allow attackers to bypass certain security restrictions, an information-disclosure vulnerability and a remote denial-of-service vulnerability.
Successful exploits may allow attackers to gain access to resources that aren't supposed to be shared, allow attackers to obtain sensitive information that may aid in further attacks and to cause the application to consume excessive CPU resources, denying service to legitimate users.
Versions prior to Samba 3.4.2, 3.3.8, 3.2.15, and 3.0.37 are vulnerable.
Solution
Updates are available. Please see the references for more information.
References
- http://us1.samba.org/samba/
- http://www.samba.org/samba/history/security.html
- http://www.samba.org/samba/security/CVE-2009-2813.html
- http://www.samba.org/samba/security/CVE-2009-2906.html
- http://www.samba.org/samba/security/CVE-2009-2948.html
- http://www.securityfocus.com/bid/36363
- http://www.securityfocus.com/bid/36572
- http://www.securityfocus.com/bid/36573
Updated on 2015-03-25
Severity
Classification
-
CVE CVE-2009-2813, CVE-2009-2906, CVE-2009-2948 -
CVSS Base Score: 6.0
AV:N/AC:M/Au:S/C:P/I:P/A:P
Related Vulnerabilities
- Apache Tomcat Multiple Vulnerabilities - 02 Mar14
- Asterisk RTP Comfort Noise Processing Remote Denial of Service Vulnerability
- Apple iTunes Tutorials Window Security Bypass Vulnerability (Windows)
- Adobe Products Unspecified Cross-Site Scripting Vulnerability June-2011 (Windows)
- Apple iTunes Insecure Permissions Privilege Escalation Vulnerability (Mac OS X)