Vigil@nce: Samba, several vulnerabilities
October 2009 by Vigil@nce
An attacker can use several vulnerabilities of Samba in order to
access files, or to generate a denial of service.
Severity: 2/4
Consequences: data reading, data creation/edition, data deletion,
denial of service
Provenance: user account
Means of attack: no proof of concept, no attack
Ability of attacker: expert (4/4)
Confidence: confirmed by the editor (5/5)
Diffusion of the vulnerable configuration: high (3/3)
Number of vulnerabilities in this bulletin: 3
Creation date: 02/10/2009
IMPACTED PRODUCTS
– Fedora
– Samba
– Slackware Linux
DESCRIPTION OF THE VULNERABILITY
Several vulnerabilities were announced in Samba.
When the home directory field of a user in /etc/passwd is empty, that
user's "[homes]" share uses the root of the system. This user can
therefore, for example, read files under /etc, or create files under
/tmp. [grav:2/4; CVE-2009-2813]
When mount.cifs is installed suid root, a local attacker can use
the "--verbose" option in order to display the first line of a
read-protected file. [grav:1/4; CVE-2009-2948]
An authenticated attacker can use a malformed SMB query, in order
to generate an infinite loop. [grav:1/4; CVE-2009-2906]
An attacker can therefore use several vulnerabilities of Samba in
order to access files, or to generate a denial of service.
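The two local preconditions described above (an empty home directory field in /etc/passwd, and mount.cifs installed suid root) can be audited on a host with a short script. This is an added example, not part of the Vigil@nce bulletin; the function names, the sample accounts and the /sbin/mount.cifs path are assumptions.

```shell
#!/bin/sh
# Added audit example (not from the bulletin). Function names, sample
# data and the mount.cifs path are assumptions made for illustration.

# Print account names whose home directory field (6th field) is empty.
# Reads passwd-format data from the files given, or stdin if none.
# These are the accounts concerned by the "[homes]" issue (CVE-2009-2813).
empty_home_users() {
    awk -F: 'NF >= 6 && $1 !~ /^#/ && $6 == "" { print $1 }' "$@"
}

# Succeed only if the file exists, is owned by root and has the setuid
# bit set: the precondition stated for the mount.cifs issue (CVE-2009-2948).
is_suid_root() {
    [ -f "$1" ] || return 1
    [ -n "$(find "$1" -prune -user root -perm -4000 2>/dev/null)" ]
}

# Constructed passwd sample: alice and svc_backup have an empty home field.
sample_passwd() {
    cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
alice:x:1001:1001:Alice::/bin/bash
bob:x:1002:1002:Bob:/home/bob:/bin/bash
svc_backup:x:1003:1003:::/usr/sbin/nologin
EOF
}

echo "Accounts with an empty home directory (constructed sample):"
sample_passwd | empty_home_users | sed 's/^/  /'

MOUNT_CIFS=/sbin/mount.cifs   # assumed install path, adjust per distribution
if is_suid_root "$MOUNT_CIFS"; then
    echo "$MOUNT_CIFS is setuid root"
else
    echo "$MOUNT_CIFS is not setuid root (or is not installed)"
fi
```

On a real host, run `empty_home_users /etc/passwd` and give any account it lists a valid home directory.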
CHARACTERISTICS
Identifiers: CVE-2009-2813, CVE-2009-2906, CVE-2009-2948,
FEDORA-2009-10172, FEDORA-2009-10180, SSA:2009-276-01,
VIGILANCE-VUL-9065
http://vigilance.fr/vulnerability/Samba-several-vulnerabilities-9065