Unrated severity · NVD Advisory · Published Oct 7, 2009 · Updated Jun 16, 2026
CVE-2009-2948
Description
mount.cifs in Samba 3.0 before 3.0.37, 3.2 before 3.2.15, 3.3 before 3.3.8 and 3.4 before 3.4.2, when mount.cifs is installed suid root, does not properly enforce permissions, which allows local users to read part of the credentials file and obtain the password by specifying the path to the credentials file and using the --verbose or -v option.
Affected products
- cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:* range: >=3.0.0,<3.0.37
- (no CPE) range: <3.0.37, <3.2.15, <3.3.8, <3.4.2
- osv-coords (2 versions): pkg:rpm/opensuse/cifs-utils&distro=openSUSE%20Tumbleweed, pkg:rpm/opensuse/samba&distro=openSUSE%20Tumbleweed
- (no CPE) range: < 6.5-1.5
- (no CPE) range: < 4.5.0-1.1
References (21)
- slackware.com/security/viewer.php (nvd: Patch, Third Party Advisory)
- www.samba.org/samba/security/CVE-2009-2948.html (nvd: Patch, Vendor Advisory)
- www.securityfocus.com/bid/36572 (nvd: Patch, Third Party Advisory, VDB Entry)
- www.securitytracker.com/id (nvd: Broken Link, Patch, Third Party Advisory, VDB Entry)
- www.redhat.com/archives/fedora-package-announce/2009-October/msg00095.html (nvd: Patch, Third Party Advisory)
- www.redhat.com/archives/fedora-package-announce/2009-October/msg00098.html (nvd: Patch, Third Party Advisory)
- lists.opensuse.org/opensuse-security-announce/2009-10/msg00004.html (nvd: Mailing List, Third Party Advisory)
- news.samba.org/releases/3.0.37/ (nvd: Broken Link, Vendor Advisory)
- news.samba.org/releases/3.2.15/ (nvd: Broken Link, Vendor Advisory)
- news.samba.org/releases/3.3.8/ (nvd: Broken Link, Vendor Advisory)
- news.samba.org/releases/3.4.2/ (nvd: Broken Link, Vendor Advisory)
- secunia.com/advisories/36893 (nvd: Not Applicable, Vendor Advisory)
- secunia.com/advisories/36918 (nvd: Not Applicable, Vendor Advisory)
- secunia.com/advisories/36937 (nvd: Not Applicable, Vendor Advisory)
- secunia.com/advisories/36953 (nvd: Not Applicable, Vendor Advisory)
- www.ubuntu.com/usn/USN-839-1 (nvd: Third Party Advisory)
- www.vupen.com/english/advisories/2009/2810 (nvd: Permissions Required, Vendor Advisory)
- exchange.xforce.ibmcloud.com/vulnerabilities/53574 (nvd: Third Party Advisory, VDB Entry)
- oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10434 (nvd: Broken Link, Third Party Advisory)
- oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7087 (nvd: Broken Link, Third Party Advisory)
- osvdb.org/58520 (nvd: Broken Link)