DEBIAN-CVE-2009-2948

DEBIAN-CVE-2009-2948 PUBLISHED CVSS 8.600000381469727 HIGH

mount.cifs in Samba 3.0 before 3.0.37, 3.2 before 3.2.15, 3.3 before 3.3.8 and 3.4 before 3.4.2, when mount.cifs is installed suid root, does not properly enforce permissions, which allows local users to read part of the credentials file and obtain the password by specifying the path to the credentials file and using the --verbose or -v option.

Risk Scores

CVSS 4.0

8.600000381469727

CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Affected Products

Vendor	Product	Versions
Debian:11	samba	0, 0, 0
Debian:14	samba	0, 0, 0
Debian:13	samba	0, 0, 0
Debian:12	samba	0, 0, 0

Timeline

Oct 7, 2009 CVE Published
Apr 28, 2026 CVE Updated

References

https://security-tracker.debian.org/tracker/CVE-2009-2948 advisory

Open in Interactive Console →