{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2009-10-01T00:00:00", "descriptions": [{"lang": "en", "value": "mount.cifs in Samba 3.0 before 3.0.37, 3.2 before 3.2.15, 3.3 before 3.3.8 and 3.4 before 3.4.2, when mount.cifs is installed suid root, does not properly enforce permissions, which allows local users to read part of the credentials file and obtain the password by specifying the path to the credentials file and using the --verbose or -v option."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-09-18T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://www.samba.org/samba/security/CVE-2009-2948.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://news.samba.org/releases/3.4.2/"}, {"name": "FEDORA-2009-10172", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-October/msg00098.html"}, {"name": "58520", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/58520"}, {"name": "1022975", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id?1022975"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://news.samba.org/releases/3.2.15/"}, {"name": "oval:org.mitre.oval:def:7087", "tags": ["vdb-entry", "signature", "x_refsource_OVAL"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7087"}, {"name": "36572", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/36572"}, {"name": "ADV-2009-2810", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2009/2810"}, {"name": "SSA:2009-276-01", "tags": ["vendor-advisory", "x_refsource_SLACKWARE"], "url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.561439"}, {"name": "36937", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/36937"}, {"name": "USN-839-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-839-1"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://news.samba.org/releases/3.0.37/"}, {"name": "oval:org.mitre.oval:def:10434", "tags": ["vdb-entry", "signature", "x_refsource_OVAL"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10434"}, {"name": "36918", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/36918"}, {"name": "36893", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/36893"}, {"name": "samba-mountcifs-info-disclosure(53574)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53574"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://news.samba.org/releases/3.3.8/"}, {"name": "36953", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/36953"}, {"name": "SUSE-SR:2009:017", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00004.html"}, {"name": "FEDORA-2009-10180", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-October/msg00095.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2009-2948", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "mount.cifs in Samba 3.0 before 3.0.37, 3.2 before 3.2.15, 3.3 before 3.3.8 and 3.4 before 3.4.2, when mount.cifs is installed suid root, does not properly enforce permissions, which allows local users to read part of the credentials file and obtain the password by specifying the path to the credentials file and using the --verbose or -v option."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://www.samba.org/samba/security/CVE-2009-2948.html", "refsource": "CONFIRM", "url": "http://www.samba.org/samba/security/CVE-2009-2948.html"}, {"name": "http://news.samba.org/releases/3.4.2/", "refsource": "CONFIRM", "url": "http://news.samba.org/releases/3.4.2/"}, {"name": "FEDORA-2009-10172", "refsource": "FEDORA", "url": "https://www.redhat.com/archives/fedora-package-announce/2009-October/msg00098.html"}, {"name": "58520", "refsource": "OSVDB", "url": "http://osvdb.org/58520"}, {"name": "1022975", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1022975"}, {"name": "http://news.samba.org/releases/3.2.15/", "refsource": "CONFIRM", "url": "http://news.samba.org/releases/3.2.15/"}, {"name": "oval:org.mitre.oval:def:7087", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7087"}, {"name": "36572", "refsource": "BID", "url": "http://www.securityfocus.com/bid/36572"}, {"name": "ADV-2009-2810", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2009/2810"}, {"name": "SSA:2009-276-01", "refsource": "SLACKWARE", "url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.561439"}, {"name": "36937", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/36937"}, {"name": "USN-839-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-839-1"}, {"name": "http://news.samba.org/releases/3.0.37/", "refsource": "CONFIRM", "url": "http://news.samba.org/releases/3.0.37/"}, {"name": "oval:org.mitre.oval:def:10434", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10434"}, {"name": "36918", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/36918"}, {"name": "36893", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/36893"}, {"name": "samba-mountcifs-info-disclosure(53574)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53574"}, {"name": "http://news.samba.org/releases/3.3.8/", "refsource": "CONFIRM", "url": "http://news.samba.org/releases/3.3.8/"}, {"name": "36953", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/36953"}, {"name": "SUSE-SR:2009:017", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00004.html"}, {"name": "FEDORA-2009-10180", "refsource": "FEDORA", "url": "https://www.redhat.com/archives/fedora-package-announce/2009-October/msg00095.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T06:07:37.340Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.samba.org/samba/security/CVE-2009-2948.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://news.samba.org/releases/3.4.2/"}, {"name": "FEDORA-2009-10172", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-October/msg00098.html"}, {"name": "58520", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://osvdb.org/58520"}, {"name": "1022975", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id?1022975"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://news.samba.org/releases/3.2.15/"}, {"name": "oval:org.mitre.oval:def:7087", "tags": ["vdb-entry", "signature", "x_refsource_OVAL", "x_transferred"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7087"}, {"name": "36572", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/36572"}, {"name": "ADV-2009-2810", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2009/2810"}, {"name": "SSA:2009-276-01", "tags": ["vendor-advisory", "x_refsource_SLACKWARE", "x_transferred"], "url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.561439"}, {"name": "36937", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/36937"}, {"name": "USN-839-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/USN-839-1"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://news.samba.org/releases/3.0.37/"}, {"name": "oval:org.mitre.oval:def:10434", "tags": ["vdb-entry", "signature", "x_refsource_OVAL", "x_transferred"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10434"}, {"name": "36918", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/36918"}, {"name": "36893", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/36893"}, {"name": "samba-mountcifs-info-disclosure(53574)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53574"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://news.samba.org/releases/3.3.8/"}, {"name": "36953", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/36953"}, {"name": "SUSE-SR:2009:017", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00004.html"}, {"name": "FEDORA-2009-10180", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-October/msg00095.html"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2009-2948", "datePublished": "2009-10-07T18:00:00", "dateReserved": "2009-08-23T00:00:00", "dateUpdated": "2024-08-07T06:07:37.340Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*", "matchCriteriaId": "C0E114F0-973F-47CA-A233-53AC718A97F1", "versionEndExcluding": "3.0.37", "versionStartIncluding": "3.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*", "matchCriteriaId": "836C7AC0-CAE0-459A-A8A5-AA60DFD693CE", "versionEndExcluding": "3.2.15", "versionStartIncluding": "3.2.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*", "matchCriteriaId": "D9C888EF-28BF-44BF-9E47-564B0C3222F4", "versionEndExcluding": "3.3.8", "versionStartIncluding": "3.3.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*", "matchCriteriaId": "D3209E99-C442-4B0E-8EDB-E4EB995AC9C6", "versionEndExcluding": "3.4.2", "versionStartIncluding": "3.4.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "mount.cifs in Samba 3.0 before 3.0.37, 3.2 before 3.2.15, 3.3 before 3.3.8 and 3.4 before 3.4.2, when mount.cifs is installed suid root, does not properly enforce permissions, which allows local users to read part of the credentials file and obtain the password by specifying the path to the credentials file and using the --verbose or -v option."}, {"lang": "es", "value": "mount.cifs en Samba v3.0 anterior a v3.0.37, v3.2 anterior a v3.2.15, v3.3 anterior a v3.3.8 y v3.4 anterior a v3.4.2, cuando mount.cifs es instalado con el suid root, no refuerza los permisos adecuadamente, lo que permite a usuarios locales leer parte del archivo de credenciales y obtener la contrase\u00f1a especificando la ruta al archivo de credenciales y usando la opci\u00f3n --verbose o -v."}], "id": "CVE-2009-2948", "lastModified": "2022-10-31T15:03:25.217", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 1.9, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:L/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 3.4, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2009-10-07T18:30:00.920", "references": [{"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00004.html"}, {"source": "cve@mitre.org", "tags": ["Broken Link", "Vendor Advisory"], "url": "http://news.samba.org/releases/3.0.37/"}, {"source": "cve@mitre.org", "tags": ["Broken Link", "Vendor Advisory"], "url": "http://news.samba.org/releases/3.2.15/"}, {"source": "cve@mitre.org", "tags": ["Broken Link", "Vendor Advisory"], "url": "http://news.samba.org/releases/3.3.8/"}, {"source": "cve@mitre.org", "tags": ["Broken Link", "Vendor Advisory"], "url": "http://news.samba.org/releases/3.4.2/"}, {"source": "cve@mitre.org", "tags": ["Broken Link"], "url": "http://osvdb.org/58520"}, {"source": "cve@mitre.org", "tags": ["Not Applicable", "Vendor Advisory"], "url": "http://secunia.com/advisories/36893"}, {"source": "cve@mitre.org", "tags": ["Not Applicable", "Vendor Advisory"], "url": "http://secunia.com/advisories/36918"}, {"source": "cve@mitre.org", "tags": ["Not Applicable", "Vendor Advisory"], "url": "http://secunia.com/advisories/36937"}, {"source": "cve@mitre.org", "tags": ["Not Applicable", "Vendor Advisory"], "url": "http://secunia.com/advisories/36953"}, {"source": "cve@mitre.org", "tags": ["Patch", "Third Party Advisory"], "url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.561439"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.samba.org/samba/security/CVE-2009-2948.html"}, {"source": "cve@mitre.org", "tags": ["Patch", "Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/36572"}, {"source": "cve@mitre.org", "tags": ["Broken Link", "Patch", "Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id?1022975"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://www.ubuntu.com/usn/USN-839-1"}, {"source": "cve@mitre.org", "tags": ["Permissions Required", "Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2009/2810"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53574"}, {"source": "cve@mitre.org", "tags": ["Broken Link", "Third Party Advisory"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10434"}, {"source": "cve@mitre.org", "tags": ["Broken Link", "Third Party Advisory"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7087"}, {"source": "cve@mitre.org", "tags": ["Patch", "Third Party Advisory"], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-October/msg00095.html"}, {"source": "cve@mitre.org", "tags": ["Patch", "Third Party Advisory"], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-October/msg00098.html"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-732"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2009:1529", "cpe": "cpe:/o:redhat:enterprise_linux:4", "package": "samba-0:3.0.33-0.18.el4_8", "product_name": "Red Hat Enterprise Linux 4", "release_date": "2009-10-27T00:00:00Z"}, {"advisory": "RHSA-2009:1529", "cpe": "cpe:/o:redhat:enterprise_linux:5", "package": "samba-0:3.0.33-3.15.el5_4", "product_name": "Red Hat Enterprise Linux 5", "release_date": "2009-10-27T00:00:00Z"}, {"advisory": "RHSA-2009:1585", "cpe": "cpe:/a:redhat:rhel_extras:5", "package": "samba3x-0:3.3.8-0.46.el5", "product_name": "Supplementary for Red Hat Enterprise Linux 5", "release_date": "2009-11-16T00:00:00Z"}], "bugzilla": {"description": "samba: information disclosure in suid mount.cifs", "id": "526074", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=526074"}, "csaw": false, "cvss": {"cvss_base_score": "1.2", "cvss_scoring_vector": "AV:L/AC:H/Au:N/C:P/I:N/A:N", "status": "verified"}, "details": ["mount.cifs in Samba 3.0 before 3.0.37, 3.2 before 3.2.15, 3.3 before 3.3.8 and 3.4 before 3.4.2, when mount.cifs is installed suid root, does not properly enforce permissions, which allows local users to read part of the credentials file and obtain the password by specifying the path to the credentials file and using the --verbose or -v option."], "name": "CVE-2009-2948", "public_date": "2009-10-01T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2009-2948\nhttps://nvd.nist.gov/vuln/detail/CVE-2009-2948"], "threat_severity": "Low"}