Signature Detail

SMB: Samba Root File System Access Exploit

This signature detects attempts to exploit a known vulnerability against Samba. A successful attack can lead to arbitrary file access and possible code execution.

Extended Description

Samba is prone to an unauthorized-access vulnerability that occurs when registry shares are enabled. An attacker who has authenticated access to the affected application can exploit this issue to gain access to the root filesystem.

Affected Products

• Mandriva Linux Mandrake 2009.0
• Mandriva Linux Mandrake 2009.0 X86 64
• Pardus Linux 2008
• Red Hat Fedora 10
• Red Hat Fedora 9
• Samba 3.0.0
• Samba 3.0.0 Alpha
• Samba 3.0.1
• Samba 3.0.10
• Samba 3.0.11
• Samba 3.0.12
• Samba 3.0.13
• Samba 3.0.14
• Samba 3.0.14A
• Samba 3.0.2
• Samba 3.0.20
• Samba 3.0.20A
• Samba 3.0.20B
• Samba 3.0.21
• Samba 3.0.21A
• Samba 3.0.21B
• Samba 3.0.21C
• Samba 3.0.22
• Samba 3.0.23A
• Samba 3.0.23B
• Samba 3.0.23C
• Samba 3.0.23D
• Samba 3.0.24
• Samba 3.0.25
• Samba 3.0.25A
• Samba 3.0.25B
• Samba 3.0.25C
• Samba 3.0.25 Pre1
• Samba 3.0.25 Pre2
• Samba 3.0.25 Rc1
• Samba 3.0.25 Rc2
• Samba 3.0.25 Rc3
• Samba 3.0.26
• Samba 3.0.26A
• Samba 3.0.27
• Samba 3.0.27A
• Samba 3.0.28
• Samba 3.0.28A
• Samba 3.0.29
• Samba 3.0.2 A
• Samba 3.0.3
• Samba 3.0.30
• Samba 3.0.32
• Samba 3.0.33
• Samba 3.0.4
• Samba 3.0.4 -R1
• Samba 3.0.5
• Samba 3.0.6
• Samba 3.0.7
• Samba 3.0.8
• Samba 3.0.9
• Samba 3.2.0
• Samba 3.2.1
• Samba 3.2.2
• Samba 3.2.3
• Samba 3.2.4
• Samba 3.2.5
• Slackware Linux 12.2
• Slackware Linux -Current
• SuSE openSUSE 10.3
• SuSE openSUSE 11.0
• SuSE openSUSE 11.1
• Ubuntu Ubuntu Linux 8.10 Amd64
• Ubuntu Ubuntu Linux 8.10 I386
• Ubuntu Ubuntu Linux 8.10 Lpia
• Ubuntu Ubuntu Linux 8.10 Powerpc
• Ubuntu Ubuntu Linux 8.10 Sparc

References

• BugTraq: 33118
• CVE: CVE-2009-0022
• URL: http://us1.samba.org/samba/security/CVE-2009-0022.html