English | Deutsch | Español
 
Home ▼
Home About Us Contact Us Privacy Partner Programs Testimonials In Press Mailing Lists Abuse Developer APIs
Bookkeeping
Online ▼
Home Free Trial FAQ
Open/Create Company File Accept an Invite Order/Renew
Security
Audits ▼
Home Dedicated audits Advanced audits Standard audits Recurring audits No Risk audits Desktop audits Basic audit Security Seal FAQ Price/Feature Summary Order New Tests All Tests Confidentiality Vulnerability search Run Audit Scheduler IP Permissions Audit Configuration Editor Scan Queue Reminder Notification Schedule Seal Reports Reports Style Editor
Managed
DNS ▼
About Order FAQ Acceptable Use Policy Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password
Network
Monitor ▼
Enterprise Package Advanced Package Standard Package Free Trial FAQ Price/Feature Summary Order/Renew Examples
Configure/Status Alert Profiles
Research
Reports ▼
Home FAQ Glossary Archive
 Login/Register 
 
 Vulnerability   
Search   		     Search 324607 CVE descriptions
and 145615 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.63102
Category:Ubuntu Local Security Checks
Title:Ubuntu: Security Advisory (USN-702-1)
Summary:The remote host is missing an update for the 'samba' package(s) announced via the USN-702-1 advisory.
Description:Summary:
The remote host is missing an update for the 'samba' package(s) announced via the USN-702-1 advisory.

Vulnerability Insight:
Gunter Hockel discovered that Samba with registry shares enabled did not
properly validate share names. An authenticated user could gain access to the
root filesystem by using an older version of smbclient and specifying an
empty string as a share name. This is only an issue if registry shares are
enabled on the server by setting 'registry shares = yes', 'include = registry',
or 'config backend = registry', which is not the default.

Affected Software/OS:
'samba' package(s) on Ubuntu 8.10.

Solution:
Please install the updated package(s).

CVSS Score:
6.3

CVSS Vector:
AV:N/AC:M/Au:S/C:C/I:N/A:N

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2009-0022
1021513
http://www.securitytracker.com/id?1021513
33118
http://www.securityfocus.com/bid/33118
33379
http://secunia.com/advisories/33379
33392
http://secunia.com/advisories/33392
33431
http://secunia.com/advisories/33431
51152
http://osvdb.org/51152
ADV-2009-0017
http://www.vupen.com/english/advisories/2009/0017
FEDORA-2009-0268
https://www.redhat.com/archives/fedora-package-announce/2009-January/msg00309.html
MDVSA-2009:042
http://www.mandriva.com/security/advisories?name=MDVSA-2009:042
USN-702-1
https://usn.ubuntu.com/702-1/
http://master.samba.org/samba/ftp/patches/security/samba-3.2.6-CVE-2009-0022.patch
http://www.samba.org/samba/security/CVE-2009-0022.html
samba-file-system-security-bypass(47733)
https://exchange.xforce.ibmcloud.com/vulnerabilities/47733
CopyrightCopyright (C) 2009 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.



© 1998-2025 E-Soft Inc. All rights reserved.