admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-06-19 17:31:42 +00:00
Code Issues Packages Projects Releases Wiki Activity
nvd-json-data-feeds/CVE-2009/CVE-2009-29xx/CVE-2009-2948.json
cad-safe-bot db95377d9f Auto-Update: 2024-04-04T08:42:25.815847+00:00
2024-04-04 08:46:00 +00:00

267 lines
7.2 KiB
JSON
Raw Blame History

{
"id": "CVE-2009-2948",
"sourceIdentifier": "cve@mitre.org",
"published": "2009-10-07T18:30:00.920",
"lastModified": "2022-10-31T15:03:25.217",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "mount.cifs in Samba 3.0 before 3.0.37, 3.2 before 3.2.15, 3.3 before 3.3.8 and 3.4 before 3.4.2, when mount.cifs is installed suid root, does not properly enforce permissions, which allows local users to read part of the credentials file and obtain the password by specifying the path to the credentials file and using the --verbose or -v option."
},
{
"lang": "es",
"value": "mount.cifs en Samba v3.0 anterior a v3.0.37, v3.2 anterior a v3.2.15, v3.3 anterior a v3.3.8 y v3.4 anterior a v3.4.2, cuando mount.cifs es instalado con el suid root, no refuerza los permisos adecuadamente, lo que permite a usuarios locales leer parte del archivo de credenciales y obtener la contrase\u00f1a especificando la ruta al archivo de credenciales y usando la opci\u00f3n --verbose o -v."
}
],
"metrics": {
"cvssMetricV2": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:L/AC:M/Au:N/C:P/I:N/A:N",
"accessVector": "LOCAL",
"accessComplexity": "MEDIUM",
"authentication": "NONE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 1.9
},
"baseSeverity": "LOW",
"exploitabilityScore": 3.4,
"impactScore": 2.9,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-732"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.0.0",
"versionEndExcluding": "3.0.37",
"matchCriteriaId": "C0E114F0-973F-47CA-A233-53AC718A97F1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.2.0",
"versionEndExcluding": "3.2.15",
"matchCriteriaId": "836C7AC0-CAE0-459A-A8A5-AA60DFD693CE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.3.0",
"versionEndExcluding": "3.3.8",
"matchCriteriaId": "D9C888EF-28BF-44BF-9E47-564B0C3222F4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.4.0",
"versionEndExcluding": "3.4.2",
"matchCriteriaId": "D3209E99-C442-4B0E-8EDB-E4EB995AC9C6"
}
]
}
]
}
],
"references": [
{
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00004.html",
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "http://news.samba.org/releases/3.0.37/",
"source": "cve@mitre.org",
"tags": [
"Broken Link",
"Vendor Advisory"
]
},
{
"url": "http://news.samba.org/releases/3.2.15/",
"source": "cve@mitre.org",
"tags": [
"Broken Link",
"Vendor Advisory"
]
},
{
"url": "http://news.samba.org/releases/3.3.8/",
"source": "cve@mitre.org",
"tags": [
"Broken Link",
"Vendor Advisory"
]
},
{
"url": "http://news.samba.org/releases/3.4.2/",
"source": "cve@mitre.org",
"tags": [
"Broken Link",
"Vendor Advisory"
]
},
{
"url": "http://osvdb.org/58520",
"source": "cve@mitre.org",
"tags": [
"Broken Link"
]
},
{
"url": "http://secunia.com/advisories/36893",
"source": "cve@mitre.org",
"tags": [
"Not Applicable",
"Vendor Advisory"
]
},
{
"url": "http://secunia.com/advisories/36918",
"source": "cve@mitre.org",
"tags": [
"Not Applicable",
"Vendor Advisory"
]
},
{
"url": "http://secunia.com/advisories/36937",
"source": "cve@mitre.org",
"tags": [
"Not Applicable",
"Vendor Advisory"
]
},
{
"url": "http://secunia.com/advisories/36953",
"source": "cve@mitre.org",
"tags": [
"Not Applicable",
"Vendor Advisory"
]
},
{
"url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.561439",
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
]
},
{
"url": "http://www.samba.org/samba/security/CVE-2009-2948.html",
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
]
},
{
"url": "http://www.securityfocus.com/bid/36572",
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "http://www.securitytracker.com/id?1022975",
"source": "cve@mitre.org",
"tags": [
"Broken Link",
"Patch",
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "http://www.ubuntu.com/usn/USN-839-1",
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
},
{
"url": "http://www.vupen.com/english/advisories/2009/2810",
"source": "cve@mitre.org",
"tags": [
"Permissions Required",
"Vendor Advisory"
]
},
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53574",
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10434",
"source": "cve@mitre.org",
"tags": [
"Broken Link",
"Third Party Advisory"
]
},
{
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7087",
"source": "cve@mitre.org",
"tags": [
"Broken Link",
"Third Party Advisory"
]
},
{
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-October/msg00095.html",
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
]
},
{
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-October/msg00098.html",
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
]
}
]
}
Reference in New Issue View Git Blame Copy Permalink