CVE-2009-0022

Related Files

Mandriva Linux Security Advisory 2009-042

Posted Feb 18, 2009

Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2009-042 - Samba 3.2.0 through 3.2.6, when registry shares are enabled, allows remote authenticated users to access the root filesystem via a crafted connection request that specifies a blank share name. This update provides samba 3.2.7 to address this issue.

tags | advisory, remote, root, registry

systems | linux, mandriva

advisories | CVE-2009-0022

SHA-256 | efb5f8b23c9eedd417563c173288af30bba7270229333d7b3a27d00d1092a230

Download | Favorite | View

Ubuntu Security Notice 702-1

Posted Jan 6, 2009

Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice USN-702-1 - Gunter Hockel discovered that Samba with registry shares enabled did not properly validate share names. An authenticated user could gain access to the root filesystem by using an older version of smbclient and specifying an empty string as a share name. This is only an issue if registry shares are enabled on the server by setting "registry shares = yes", "include = registry", or "config backend = registry", which is not the default.

tags | advisory, root, registry

systems | linux, ubuntu

advisories | CVE-2009-0022

SHA-256 | 1f54398ec952d4b39f2110cd81591e592bacac95220038e4c096a6ab8d8ae1ba

Download | Favorite | View