Unrated severityNVD Advisory· Published Oct 7, 2009· Updated Apr 23, 2026
CVE-2009-2948
CVE-2009-2948
Description
mount.cifs in Samba 3.0 before 3.0.37, 3.2 before 3.2.15, 3.3 before 3.3.8 and 3.4 before 3.4.2, when mount.cifs is installed suid root, does not properly enforce permissions, which allows local users to read part of the credentials file and obtain the password by specifying the path to the credentials file and using the --verbose or -v option.
Affected products
1Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
21- slackware.com/security/viewer.phpnvdPatchThird Party Advisory
- www.samba.org/samba/security/CVE-2009-2948.htmlnvdPatchVendor Advisory
- www.securityfocus.com/bid/36572nvdPatchThird Party AdvisoryVDB Entry
- www.securitytracker.com/idnvdBroken LinkPatchThird Party AdvisoryVDB Entry
- www.redhat.com/archives/fedora-package-announce/2009-October/msg00095.htmlnvdPatchThird Party Advisory
- www.redhat.com/archives/fedora-package-announce/2009-October/msg00098.htmlnvdPatchThird Party Advisory
- lists.opensuse.org/opensuse-security-announce/2009-10/msg00004.htmlnvdMailing ListThird Party Advisory
- news.samba.org/releases/3.0.37/nvdBroken LinkVendor Advisory
- news.samba.org/releases/3.2.15/nvdBroken LinkVendor Advisory
- news.samba.org/releases/3.3.8/nvdBroken LinkVendor Advisory
- news.samba.org/releases/3.4.2/nvdBroken LinkVendor Advisory
- secunia.com/advisories/36893nvdNot ApplicableVendor Advisory
- secunia.com/advisories/36918nvdNot ApplicableVendor Advisory
- secunia.com/advisories/36937nvdNot ApplicableVendor Advisory
- secunia.com/advisories/36953nvdNot ApplicableVendor Advisory
- www.ubuntu.com/usn/USN-839-1nvdThird Party Advisory
- www.vupen.com/english/advisories/2009/2810nvdPermissions RequiredVendor Advisory
- exchange.xforce.ibmcloud.com/vulnerabilities/53574nvdThird Party AdvisoryVDB Entry
- oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10434nvdBroken LinkThird Party Advisory
- oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7087nvdBroken LinkThird Party Advisory
- osvdb.org/58520nvdBroken Link
News mentions
0No linked articles in our index yet.