CVE-2009-0022 - Vulnerability Details - OpenCVE

Samba 3.2.0 through 3.2.6, when registry shares are enabled, allows remote authenticated users to access the root filesystem via a crafted connection request that specifies a blank share name.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication Single

Confidentiality Impact Complete

Integrity Impact None

Availability Impact None

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Samba	Samba

Configuration 1 [-]

OR	cpe:2.3:a:samba:samba:3.2.0:::::::*
	cpe:2.3:a:samba:samba:3.2.1:::::::*
	cpe:2.3:a:samba:samba:3.2.2:::::::*
	cpe:2.3:a:samba:samba:3.2.3:::::::*
	cpe:2.3:a:samba:samba:3.2.4:::::::*
	cpe:2.3:a:samba:samba:3.2.5:::::::*
	cpe:2.3:a:samba:samba:3.2.6:::::::*

No data.

References

Link	Providers
http://master.samba.org/samba/ftp/patches/security/samba-3.2.6-CVE-2009-0022.patch
http://osvdb.org/51152
http://secunia.com/advisories/33379
http://secunia.com/advisories/33392
http://secunia.com/advisories/33431
http://www.mandriva.com/security/advisories?name=MDVSA-2009:042
http://www.samba.org/samba/security/CVE-2009-0022.html
http://www.securityfocus.com/bid/33118
http://www.securitytracker.com/id?1021513
http://www.vupen.com/english/advisories/2009/0017
https://exchange.xforce.ibmcloud.com/vulnerabilities/47733
https://nvd.nist.gov/vuln/detail/CVE-2009-0022
https://usn.ubuntu.com/702-1/
https://www.cve.org/CVERecord?id=CVE-2009-0022
https://www.redhat.com/archives/fedora-package-announce/2009-January/msg00309.html

History

No history.

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2009-01-05T20:00:00

Updated: 2024-08-07T04:17:10.480Z

Reserved: 2008-12-15T00:00:00

Link: CVE-2009-0022

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2009-01-05T20:30:02.390

Modified: 2025-04-09T00:30:58.490

Link: CVE-2009-0022

Redhat

Severity : Moderate

Publid Date: 2009-01-05T00:00:00Z

Links: CVE-2009-0022 - Bugzilla

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2009-01-05T00:00:00", "descriptions": [{"lang": "en", "value": "Samba 3.2.0 through 3.2.6, when registry shares are enabled, allows remote authenticated users to access the root filesystem via a crafted connection request that specifies a blank share name."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-03T20:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"tags": ["x_refsource_MISC"], "url": "http://master.samba.org/samba/ftp/patches/security/samba-3.2.6-CVE-2009-0022.patch"}, {"name": "MDVSA-2009:042", "tags": ["vendor-advisory", "x_refsource_MANDRIVA"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:042"}, {"name": "33392", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/33392"}, {"name": "samba-file-system-security-bypass(47733)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47733"}, {"name": "1021513", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id?1021513"}, {"name": "FEDORA-2009-0268", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-January/msg00309.html"}, {"name": "33118", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/33118"}, {"name": "USN-702-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "https://usn.ubuntu.com/702-1/"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.samba.org/samba/security/CVE-2009-0022.html"}, {"name": "51152", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/51152"}, {"name": "33379", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/33379"}, {"name": "33431", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/33431"}, {"name": "ADV-2009-0017", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2009/0017"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T04:17:10.480Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://master.samba.org/samba/ftp/patches/security/samba-3.2.6-CVE-2009-0022.patch"}, {"name": "MDVSA-2009:042", "tags": ["vendor-advisory", "x_refsource_MANDRIVA", "x_transferred"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:042"}, {"name": "33392", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/33392"}, {"name": "samba-file-system-security-bypass(47733)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47733"}, {"name": "1021513", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id?1021513"}, {"name": "FEDORA-2009-0268", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-January/msg00309.html"}, {"name": "33118", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/33118"}, {"name": "USN-702-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "https://usn.ubuntu.com/702-1/"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.samba.org/samba/security/CVE-2009-0022.html"}, {"name": "51152", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://osvdb.org/51152"}, {"name": "33379", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/33379"}, {"name": "33431", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/33431"}, {"name": "ADV-2009-0017", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2009/0017"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2009-0022", "datePublished": "2009-01-05T20:00:00", "dateReserved": "2008-12-15T00:00:00", "dateUpdated": "2024-08-07T04:17:10.480Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:samba:samba:3.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "44746973-3CFD-4808-9545-755E296EFF6B", "vulnerable": true}, {"criteria": "cpe:2.3:a:samba:samba:3.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "31E4627C-5D19-4599-B304-D0E4D4193170", "vulnerable": true}, {"criteria": "cpe:2.3:a:samba:samba:3.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "EEE162A7-969D-44D5-B9ED-764F20F19C87", "vulnerable": true}, {"criteria": "cpe:2.3:a:samba:samba:3.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "28DF45AE-DF03-4321-A019-D3BBC16433B6", "vulnerable": true}, {"criteria": "cpe:2.3:a:samba:samba:3.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "64D87AD2-89F2-455F-916E-D404E6BD02C0", "vulnerable": true}, {"criteria": "cpe:2.3:a:samba:samba:3.2.5:*:*:*:*:*:*:*", "matchCriteriaId": "6218AB51-DE71-40F3-8CBC-AF33586D36EF", "vulnerable": true}, {"criteria": "cpe:2.3:a:samba:samba:3.2.6:*:*:*:*:*:*:*", "matchCriteriaId": "D02F8427-0DCC-48A9-A04F-939571D511E7", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Samba 3.2.0 through 3.2.6, when registry shares are enabled, allows remote authenticated users to access the root filesystem via a crafted connection request that specifies a blank share name."}, {"lang": "es", "value": "Samba v3.2.0 hasta v3.2.6, cuando el registro de acciones est\u00e1 habilitado, permite a usuarios autenticados remotamente acceder al sistema de ficheros ra\u00edz a trav\u00e9s de una petici\u00f3n de conexi\u00f3n manipulada que especifica un nombre de recurso compartido en blanco."}], "evaluatorSolution": "Patch Information - http://www.samba.org/samba/history/security.html", "id": "CVE-2009-0022", "lastModified": "2025-04-09T00:30:58.490", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 6.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:S/C:C/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 6.8, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2009-01-05T20:30:02.390", "references": [{"source": "secalert@redhat.com", "url": "http://master.samba.org/samba/ftp/patches/security/samba-3.2.6-CVE-2009-0022.patch"}, {"source": "secalert@redhat.com", "url": "http://osvdb.org/51152"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/33379"}, {"source": "secalert@redhat.com", "url": "http://secunia.com/advisories/33392"}, {"source": "secalert@redhat.com", "url": "http://secunia.com/advisories/33431"}, {"source": "secalert@redhat.com", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:042"}, {"source": "secalert@redhat.com", "url": "http://www.samba.org/samba/security/CVE-2009-0022.html"}, {"source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/33118"}, {"source": "secalert@redhat.com", "url": "http://www.securitytracker.com/id?1021513"}, {"source": "secalert@redhat.com", "url": "http://www.vupen.com/english/advisories/2009/0017"}, {"source": "secalert@redhat.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47733"}, {"source": "secalert@redhat.com", "url": "https://usn.ubuntu.com/702-1/"}, {"source": "secalert@redhat.com", "url": "https://www.redhat.com/archives/fedora-package-announce/2009-January/msg00309.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://master.samba.org/samba/ftp/patches/security/samba-3.2.6-CVE-2009-0022.patch"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/51152"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/33379"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/33392"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/33431"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:042"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.samba.org/samba/security/CVE-2009-0022.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/33118"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id?1021513"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2009/0017"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47733"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://usn.ubuntu.com/702-1/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.redhat.com/archives/fedora-package-announce/2009-January/msg00309.html"}], "sourceIdentifier": "secalert@redhat.com", "vendorComments": [{"comment": "Not vulnerable. This issue did not affect the versions of samba as shipped with Red Hat Enterprise Linux 2.1, 3, 4, or 5.", "lastModified": "2009-01-07T00:00:00", "organization": "Red Hat"}], "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "nvd@nist.gov", "type": "Primary"}]}