Unrated severityNVD Advisory· Published Sep 14, 2009· Updated Jun 16, 2026
CVE-2009-2813
CVE-2009-2813
Description
Samba 3.4 before 3.4.2, 3.3 before 3.3.8, 3.2 before 3.2.15, and 3.0.12 through 3.0.36, as used in the SMB subsystem in Apple Mac OS X 10.5.8 when Windows File Sharing is enabled, Fedora 11, and other operating systems, does not properly handle errors in resolving pathnames, which allows remote authenticated users to bypass intended sharing restrictions, and read, create, or modify files, in certain circumstances involving user accounts that lack home directories.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
82cpe:2.3:a:samba:samba:3.0.12:*:*:*:*:*:*:*+ 75 more
- cpe:2.3:a:samba:samba:3.0.12:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.0.13:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.0.14:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.0.14a:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.0.15:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.0.16:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.0.17:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.0.18:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.0.19:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.0.20:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.0.20a:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.0.20b:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.0.21:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.0.21a:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.0.21b:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.0.21c:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.0.22:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.0.23:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.0.23a:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.0.23b:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.0.23c:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.0.23d:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.0.24:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.0.25:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.0.25a:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.0.25b:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.0.25c:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.0.25:pre1:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.0.25:pre2:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.0.25:rc1:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.0.25:rc2:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.0.25:rc3:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.0.26:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.0.26a:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.0.27:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.0.27a:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.0.28:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.0.28a:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.0.29:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.0.30:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.0.31:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.0.32:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.0.33:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.0.34:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.0.35:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.0.36:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.2:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.2.10:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.2.11:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.2.12:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.2.13:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.2.14:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.2.15:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.2.2:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.2.3:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.2.4:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.2.5:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.2.6:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.2.7:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.2.8:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.2.9:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.3:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.3.0:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.3.1:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.3.2:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.3.3:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.3.4:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.3.5:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.3.6:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.3.7:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.4:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.4.0:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.4.1:*:*:*:*:*:*:*
- (no CPE)range: >=3.0.12 <=3.0.36, >=3.2 <3.2.15, >=3.3 <3.3.8, >=3.4 <3.4.2
cpe:2.3:o:apple:mac_os_x:10.5.8:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:apple:mac_os_x:10.5.8:*:*:*:*:*:*:*
- (no CPE)range: 10.5.8
- cpe:2.3:o:apple:mac_os_x_server:10.5.8:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:11:*:*:*:*:*:*:*
- osv-coords2 versionspkg:rpm/opensuse/cifs-utils&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/samba&distro=openSUSE%20Tumbleweed
< 6.5-1.5+ 1 more
- (no CPE)range: < 6.5-1.5
- (no CPE)range: < 4.5.0-1.1
Patches
Vulnerability mechanics
References
30- secunia.com/advisories/36701nvdVendor Advisory
- secunia.com/advisories/36893nvdVendor Advisory
- secunia.com/advisories/36918nvdVendor Advisory
- secunia.com/advisories/36937nvdVendor Advisory
- secunia.com/advisories/36953nvdVendor Advisory
- secunia.com/advisories/37428nvdVendor Advisory
- support.apple.com/kb/HT3865nvdVendor Advisory
- www.samba.org/samba/security/CVE-2009-2813.htmlnvdVendor Advisory
- www.vupen.com/english/advisories/2009/2810nvdVendor Advisory
- lists.apple.com/archives/security-announce/2009/Sep/msg00004.htmlnvd
- lists.opensuse.org/opensuse-security-announce/2009-10/msg00004.htmlnvd
- marc.infonvd
- news.samba.org/releases/3.0.37/nvd
- news.samba.org/releases/3.2.15/nvd
- news.samba.org/releases/3.3.8/nvd
- news.samba.org/releases/3.4.2/nvd
- osvdb.org/57955nvd
- slackware.com/security/viewer.phpnvd
- sunsolve.sun.com/search/document.donvd
- wiki.rpath.com/Advisories:rPSA-2009-0145nvd
- www.securityfocus.com/archive/1/507856/100/0/threadednvd
- www.securityfocus.com/bid/36363nvd
- www.ubuntu.com/usn/USN-839-1nvd
- exchange.xforce.ibmcloud.com/vulnerabilities/53174nvd
- oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7211nvd
- oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7257nvd
- oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7791nvd
- oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9191nvd
- www.redhat.com/archives/fedora-package-announce/2009-October/msg00095.htmlnvd
- www.redhat.com/archives/fedora-package-announce/2009-October/msg00098.htmlnvd
News mentions
0No linked articles in our index yet.