Common Vulnerabilities and Exposures assigned an identifier CVE-2009-0022 to the following vulnerability:

Samba 3.2.0 through 3.2.6, when registry shares are enabled, allows remote authenticated users to access the root filesystem via a crafted connection request that specifies a blank share name.

Issue was fixed upstream in 3.2.7.

Upstream advisory:
http://www.samba.org/samba/security/CVE-2009-0022.html

Upstream patch:
http://www.samba.org/samba/ftp/patches/security/samba-3.2.6-CVE-2009-0022.patch

References:
http://secunia.com/advisories/33379
This issue did not affect the versions of samba as shipped with Red Hat Enterprise Linux 2.1, 3, 4, or 5.
samba-3.2.7-0.23.fc9 has been pushed to the Fedora 9 stable repository. If problems still persist, please make note of it in this bug report.
This issue was addressed in:

Fedora:
https://admin.fedoraproject.org/updates/F9/FEDORA-2009-0268
https://admin.fedoraproject.org/updates/F10/FEDORA-2009-0160
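
The two conditions named in the report (a Samba version from 3.2.0 through 3.2.6, and registry shares enabled) can be checked together when triaging hosts. The script below is an added example, not code from this report or from the Samba project; the function names and the sample smb.conf are constructed, it reads only the [global] section, and the "config backend" rule comes from smb.conf(5) rather than from this page.

```python
import re

# Affected range stated in the report: 3.2.0 through 3.2.6 (fixed in 3.2.7).
AFFECTED_MIN, AFFECTED_MAX = (3, 2, 0), (3, 2, 6)
TRUE_WORDS = {"yes", "true", "on", "1"}  # boolean spellings accepted in smb.conf

def parse_version(text):
    """Pull the x.y.z triple out of a string such as 'Version 3.2.7-0.23.fc9'."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError("no Samba version found in %r" % text)
    return tuple(int(g) for g in m.groups())

def global_params(conf_text):
    """Return [global] parameters; names are lower-cased with whitespace removed,
    because smb.conf ignores case and spaces in parameter names."""
    params, section = {}, None
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":      # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif "=" in line and section == "global":
            name, value = line.split("=", 1)
            params["".join(name.split()).lower()] = value.strip().lower()
    return params

def registry_shares_enabled(conf_text):
    p = global_params(conf_text)
    # smb.conf(5): "config backend = registry" turns registry shares on as well.
    return p.get("registryshares") in TRUE_WORDS or p.get("configbackend") == "registry"

def exposed(version_text, conf_text):
    """True only when both conditions from the report hold."""
    in_range = AFFECTED_MIN <= parse_version(version_text) <= AFFECTED_MAX
    return in_range and registry_shares_enabled(conf_text)

# Constructed sample configuration, not taken from the report.
SAMPLE_CONF = """
[global]
   workgroup = EXAMPLE
   Registry Shares = Yes
; registry shares = no
[data]
   path = /srv/data
"""

if __name__ == "__main__":
    for v in ("Version 3.2.6", "Version 3.2.7-0.23.fc9"):
        print(v, "->", "exposed" if exposed(v, SAMPLE_CONF) else "not exposed")
```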