Common Vulnerabilities and Exposures assigned an identifier CVE-2009-2813 to the following vulnerability:

The SMB (aka Samba) subsystem in Apple Mac OS X 10.5.8, when Windows File Sharing is enabled, does not properly handle errors in resolving pathnames, which allows remote authenticated users to bypass intended sharing restrictions, and read, create, or modify files, in certain circumstances involving user accounts that lack home directories.

References:
-----------
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2813
http://support.apple.com/kb/HT3865
http://lists.apple.com/archives/security-announce/2009/Sep/msg00004.html
http://secunia.com/advisories/36701
This issue does NOT affect the version of samba package, as shipped in Red Hat Enterprise Linux 3.

This issue affects the versions of samba package, as shipped in Red Hat Enterprise Linux 4 and 5.

--

This issue affects the latest versions of the samba package, as shipped with Fedora releases of 10 and 11 (samba-3.2.14-0.35.fc10 and samba-3.4.1-0.41.fc11).

Please fix.
Upstream advisory:
http://www.samba.org/samba/security/CVE-2009-2813.html

Fixed in upstream versions: 3.0.37, 3.2.15, 3.3.8 and 3.4.2
samba-3.2.15-0.36.fc10 has been pushed to the Fedora 10 stable repository. If problems still persist, please make note of it in this bug report.
samba-3.4.2-0.42.fc11 has been pushed to the Fedora 11 stable repository. If problems still persist, please make note of it in this bug report.
This issue has been addressed in following products:

  Red Hat Enterprise Linux 4
  Red Hat Enterprise Linux 5

Via RHSA-2009:1529 https://rhn.redhat.com/errata/RHSA-2009-1529.html
This issue has been addressed in following products:

  Extras for Red Hat Enterprise Linux 5

Via RHSA-2009:1585 https://rhn.redhat.com/errata/RHSA-2009-1585.html