Vulnerability details: VCID-qndy-8w5b-aaam
Vulnerability ID VCID-qndy-8w5b-aaam
Aliases CVE-2009-2813
Summary Samba 3.4 before 3.4.2, 3.3 before 3.3.8, 3.2 before 3.2.15, and 3.0.12 through 3.0.36, as used in the SMB subsystem in Apple Mac OS X 10.5.8 when Windows File Sharing is enabled, Fedora 11, and other operating systems, does not properly handle errors in resolving pathnames, which allows remote authenticated users to bypass intended sharing restrictions, and read, create, or modify files, in certain circumstances involving user accounts that lack home directories.
Status Published
Exploitability 0.5
Weighted Severity 6.2
Risk 3.1
System Score Found at
generic_textual MODERATE http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00004.html
rhas Moderate https://access.redhat.com/errata/RHSA-2009:1529
rhas Moderate https://access.redhat.com/errata/RHSA-2009:1585
epss 0.00366 https://api.first.org/data/v1/epss?cve=CVE-2009-2813
epss 0.0044 https://api.first.org/data/v1/epss?cve=CVE-2009-2813
epss 0.00507 https://api.first.org/data/v1/epss?cve=CVE-2009-2813
epss 0.00681 https://api.first.org/data/v1/epss?cve=CVE-2009-2813
epss 0.01039 https://api.first.org/data/v1/epss?cve=CVE-2009-2813
epss 0.01596 https://api.first.org/data/v1/epss?cve=CVE-2009-2813
rhbs low https://bugzilla.redhat.com/show_bug.cgi?id=523752
cvssv2 6.0 https://nvd.nist.gov/vuln/detail/CVE-2009-2813
Reference id Reference type URL
http://lists.apple.com/archives/security-announce/2009/Sep/msg00004.html
http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00004.html
http://marc.info/?l=bugtraq&m=126514298313071&w=2
http://news.samba.org/releases/3.0.37/
http://news.samba.org/releases/3.2.15/
http://news.samba.org/releases/3.3.8/
http://news.samba.org/releases/3.4.2/
http://osvdb.org/57955
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-2813.json
https://api.first.org/data/v1/epss?cve=CVE-2009-2813
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2813
http://secunia.com/advisories/36701
http://secunia.com/advisories/36893
http://secunia.com/advisories/36918
http://secunia.com/advisories/36937
http://secunia.com/advisories/36953
http://secunia.com/advisories/37428
https://exchange.xforce.ibmcloud.com/vulnerabilities/53174
http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.561439
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7211
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7257
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7791
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9191
http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021111.1-1
http://support.apple.com/kb/HT3865
https://www.redhat.com/archives/fedora-package-announce/2009-October/msg00095.html
https://www.redhat.com/archives/fedora-package-announce/2009-October/msg00098.html
http://wiki.rpath.com/Advisories:rPSA-2009-0145
http://www.samba.org/samba/security/CVE-2009-2813.html
http://www.securityfocus.com/archive/1/507856/100/0/threaded
http://www.securityfocus.com/bid/36363
http://www.ubuntu.com/usn/USN-839-1
http://www.vupen.com/english/advisories/2009/2810
523752 https://bugzilla.redhat.com/show_bug.cgi?id=523752
550422 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=550422
cpe:2.3:o:fedoraproject:fedora:11:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:11:*:*:*:*:*:*:*
CVE-2009-2813 https://nvd.nist.gov/vuln/detail/CVE-2009-2813
RHSA-2009:1529 https://access.redhat.com/errata/RHSA-2009:1529
RHSA-2009:1585 https://access.redhat.com/errata/RHSA-2009:1585
USN-839-1 https://usn.ubuntu.com/839-1/
No exploits are available.
Vector: AV:N/AC:M/Au:S/C:P/I:P/A:P Found at https://nvd.nist.gov/vuln/detail/CVE-2009-2813
Access Vector (AV) network
Access Complexity (AC) medium
Authentication (Au) single
Confidentiality Impact (C) partial
Integrity Impact (I) partial
Availability Impact (A) partial

Exploit Prediction Scoring System (EPSS)
Percentile 0.57793
EPSS Score 0.00366
Published At June 25, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
There are no relevant records.