Launchpad CVE tracker

CVE 2009-2948

mount.cifs in Samba 3.0 before 3.0.37, 3.2 before 3.2.15, 3.3 before 3.3.8 and 3.4 before 3.4.2, when mount.cifs is installed suid root, does not properly enforce permissions, which allows local users to read part of the credentials file and obtain the password by specifying the path to the credentials file and using the --verbose or -v option.

Related bugs and status

CVE-2009-2948 (Candidate) is related to these bugs:

Bug #449735: [SRU] [karmic] Long SMB share names invisible and corrupts encodings

		In	Importance	Status
449735	[SRU] [karmic] Long SMB share names invisible and corrupts encodings	samba (Ubuntu)	High	Fix Released
449735	[SRU] [karmic] Long SMB share names invisible and corrupts encodings	samba	Medium	Invalid
449735	[SRU] [karmic] Long SMB share names invisible and corrupts encodings	samba (Ubuntu Karmic)	High	Fix Released
449735	[SRU] [karmic] Long SMB share names invisible and corrupts encodings	Release Notes for Ubuntu	Undecided	Won't Fix

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2009-2948

References