Vulnerabilities > CVE-2009-3297

CVSS 0.0 - NONE

Attack vector

UNKNOWN

Attack complexity

UNKNOWN

Privileges required

UNKNOWN

Confidentiality impact

UNKNOWN

Integrity impact

UNKNOWN

Availability impact

UNKNOWN

nessus

NVD

Published: 2010-03-02

Updated: 2023-11-07

Summary

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2010-0787, CVE-2010-0788, CVE-2010-0789. Reason: this candidate was intended for one issue in Samba, but it was used for multiple distinct issues, including one in FUSE and one in ncpfs. Notes: All CVE users should consult CVE-2010-0787 (Samba), CVE-2010-0788 (ncpfs), and CVE-2010-0789 (FUSE) to determine which ID is appropriate. All references and descriptions in this candidate have been removed to prevent accidental usage

Nessus

NASL family	Fedora Local Security Checks
NASL id	FEDORA_2010-1190.NASL
description	- Tue Jan 26 2010 Guenther Deschner <gdeschner at redhat.com> - 3.4.5-0.47 - Security Release, fixes CVE-2009-3297 - resolves: #532940 - Tue Jan 19 2010 Guenther Deschner <gdeschner at redhat.com> - 3.4.5-0.46 - Update to 3.4.5 - Thu Jan 7 2010 Guenther Deschner <gdeschner at redhat.com> - 3.4.4-0.45 - Update to 3.4.4 - Thu Oct 29 2009 Guenther Deschner <gdeschner at redhat.com> - 3.4.3-0.44 - Update to 3.4.3 - Wed Oct 7 2009 Guenther Deschner <gdeschner at redhat.com> - 3.4.2-0.43 - Fix required talloc version - resolves: #527806 - Thu Oct 1 2009 Guenther Deschner <gdeschner at redhat.com> - 3.4.2-0.42 - Update to 3.4.2 - Security Release, fixes CVE-2009-2813, CVE-2009-2948 and CVE-2009-2906 - Wed Sep 9 2009 Guenther Deschner <gdeschner at redhat.com> - 3.4.1.0-41 - Update to 3.4.1 - Fri Jul 17 2009 Guenther Deschner <gdeschner at redhat.com> - 3.4.0-0.40 - Fix Bug #6551 (vuid and tid not set in sessionsetupX and tconX) - Specify required talloc and tdb version for BuildRequires - Wed Jul 15 2009 Guenther Deschner <gdeschner at redhat.com> - 3.4.0-0.39 - Update to 3.4.0 - resolves: #510558 - Fri Jun 19 2009 Guenther Deschner <gdeschner at redhat.com> - 3.3.5-0.38 - Fix password expiry calculation in pam_winbind - Tue Jun 16 2009 Guenther Deschner <gdeschner at redhat.com> - 3.3.5-0.37 - Update to 3.3.5 - Wed Apr 29 2009 Guenther Deschner <gdeschner at redhat.com> - 3.3.4-0.36 - Update to 3.3.4 - Mon Apr 20 2009 Guenther Deschner <gdeschner at redhat.com> - 3.3.3-0.35 - Enable build of idmap_tdb2 for clustered setups - Wed Apr 1 2009 Guenther Deschner <gdeschner at redhat.com> - 3.3.3-0.34 - Update to 3.3.3 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	47239
published	2010-07-01
reporter	This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/47239
title	Fedora 11 : samba-3.4.5-0.47.fc11 (2010-1190)

NASL family	SuSE Local Security Checks
NASL id	SUSE_11_1_FUSE-100203.NASL
description	A race condition in fusermount allowed users to umount any filesystem (CVE-2009-3297).
last seen	2020-06-01
modified	2020-06-02
plugin id	44611
published	2010-02-15
reporter	This script is Copyright (C) 2010-2019 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/44611
title	openSUSE Security Update : fuse (fuse-1897)

NASL family	SuSE Local Security Checks
NASL id	SUSE_11_0_FUSE-100203.NASL
description	A race condition in fusermount allowed users to umount any filesystem (CVE-2009-3297).
last seen	2020-06-01
modified	2020-06-02
plugin id	44606
published	2010-02-15
reporter	This script is Copyright (C) 2010-2019 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/44606
title	openSUSE Security Update : fuse (fuse-1897)

NASL family	Fedora Local Security Checks
NASL id	FEDORA_2010-1159.NASL
description	Fixed CVE-2009-3297 (rhbz #558833) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	47236
published	2010-07-01
reporter	This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/47236
title	Fedora 12 : fuse-2.8.1-4.fc12 (2010-1159)

NASL family	SuSE Local Security Checks
NASL id	SUSE_11_FUSE-100126.NASL
description	A race condition in fusermount allowed users to umount any filesystem (CVE-2009-3297). This has been fixed.
last seen	2020-06-01
modified	2020-06-02
plugin id	44389
published	2010-02-03
reporter	This script is Copyright (C) 2010-2019 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/44389
title	SuSE 11 Security Update : fuse (SAT Patch Number 1867)

NASL family	Debian Local Security Checks
NASL id	DEBIAN_DSA-2004.NASL
description	Two local vulnerabilities have been discovered in samba, a SMB/CIFS file, print, and login server for Unix. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2009-3297 Ronald Volgers discovered that a race condition in mount.cifs allows local users to mount remote filesystems over arbitrary mount points. - CVE-2010-0547 Jeff Layton discovered that missing input sanitising in mount.cifs allows denial of service by corrupting /etc/mtab.
last seen	2020-06-01
modified	2020-06-02
plugin id	44950
published	2010-03-02
reporter	This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/44950
title	Debian DSA-2004-1 : samba - several vulnerabilities

NASL family	Fedora Local Security Checks
NASL id	FEDORA_2010-1140.NASL
description	Fixed CVE-2009-3297 (rhbz #558833) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	47233
published	2010-07-01
reporter	This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/47233
title	Fedora 11 : fuse-2.8.1-2.fc11 (2010-1140)

NASL family	Fedora Local Security Checks
NASL id	FEDORA_2010-14678.NASL
description	- Thu Sep 9 2010 Guenther Deschner <gdeschner at redhat.com> - 3.4.9-60 - Security Release, fixes CVE-2010-3069 - resolves: #630869 - Wed May 12 2010 Guenther Deschner <gdeschner at redhat.com> - 3.4.8-59 - Update to 3.4.8 - Make sure nmb and smb initscripts return LSB compliant return codes - resolves: #521095 - Mon Mar 8 2010 Simo Sorce <ssorce at redhat.com> - 3.4.7-58 - Security update to 3.4.7 - Fixes CVE-2010-0728 - Wed Feb 24 2010 Guenther Deschner <gdeschner at redhat.com> - 3.4.6-57 - Update to 3.4.6 - Wed Feb 17 2010 Guenther Deschner <gdeschner at redhat.com> - 3.4.5-56 - Fix crash in cifs.upcall - resolves: #565446 - Tue Jan 26 2010 Guenther Deschner <gdeschner at redhat.com> - 3.4.5-55 - Security Release, fixes CVE-2009-3297 - resolves: #532940 - Tue Jan 26 2010 Guenther Deschner <gdeschner at redhat.com> - 3.4.5-54 - Fix crash in pdbedit - resolves: #541267 - Tue Jan 19 2010 Guenther Deschner <gdeschner at redhat.com> - 3.4.5-53 - Update to 3.4.5 - Thu Jan 14 2010 Guenther Deschner <gdeschner at redhat.com> - 3.4.4-52 - Fix crash bug in libsmbclient (SMBC_parse_path) - resolves: #552658 - Thu Jan 7 2010 Guenther Deschner <gdeschner at redhat.com> - 3.4.4-51 - Update to 3.4.4 - Tue Dec 1 2009 Guenther Deschner <gdeschner at redhat.com> - 3.4.3-50 - Fix uninitialized rpc client pipe, causing winbind to crash - resolves: #541328 - Wed Nov 25 2009 Guenther Deschner <gdeschner at redhat.com> - 3.4.3-49 - Various updates to inline documentation in default smb.conf file - resolves: #483703 - Thu Oct 29 2009 Guenther Deschner <gdeschner at redhat.com> - 3.4.3-48 - Update to 3.4.3 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	49248
published	2010-09-16
reporter	This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/49248
title	Fedora 12 : samba-3.4.9-60.fc12 (2010-14678)

NASL family	SuSE Local Security Checks
NASL id	SUSE_FUSE-6840.NASL
description	A race condition in fusermount allows non-privileged users to umount any file system. (CVE-2009-3297)
last seen	2020-06-01
modified	2020-06-02
plugin id	51741
published	2011-01-27
reporter	This script is Copyright (C) 2011-2019 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/51741
title	SuSE 10 Security Update : fuse (ZYPP Patch Number 6840)

NASL family	SuSE Local Security Checks
NASL id	SUSE_11_2_FUSE-100203.NASL
description	A race condition in fusermount allowed users to umount any filesystem (CVE-2009-3297).
last seen	2020-06-01
modified	2020-06-02
plugin id	44616
published	2010-02-15
reporter	This script is Copyright (C) 2010-2019 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/44616
title	openSUSE Security Update : fuse (fuse-1897)

NASL family	SuSE Local Security Checks
NASL id	SUSE_FUSE-6838.NASL
description	A race condition in fusermount allows non-privileged users to umount any file system. (CVE-2009-3297)
last seen	2020-06-01
modified	2020-06-02
plugin id	51740
published	2011-01-27
reporter	This script is Copyright (C) 2011-2019 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/51740
title	SuSE 10 Security Update : fuse (ZYPP Patch Number 6838)

NASL family	Fedora Local Security Checks
NASL id	FEDORA_2010-1218.NASL
description	- Tue Jan 26 2010 Guenther Deschner <gdeschner at redhat.com> - 3.4.5-55 - Security Release, fixes CVE-2009-3297 - resolves: #532940 - Tue Jan 26 2010 Guenther Deschner <gdeschner at redhat.com> - 3.4.5-54 - Fix crash in pdbedit - resolves: #541267 - Tue Jan 19 2010 Guenther Deschner <gdeschner at redhat.com> - 3.4.5-53 - Update to 3.4.5 - Thu Jan 14 2010 Guenther Deschner <gdeschner at redhat.com> - 3.4.4-52 - Fix crash bug in libsmbclient (SMBC_parse_path) - resolves: #552658 - Thu Jan 7 2010 Guenther Deschner <gdeschner at redhat.com> - 3.4.4-51 - Update to 3.4.4 - Tue Dec 1 2009 Guenther Deschner <gdeschner at redhat.com> - 3.4.3-50 - Fix uninitialized rpc client pipe, causing winbind to crash - resolves: #541328 - Wed Nov 25 2009 Guenther Deschner <gdeschner at redhat.com> - 3.4.3-49 - Various updates to inline documentation in default smb.conf file - resolves: #483703 - Thu Oct 29 2009 Guenther Deschner <gdeschner at redhat.com> - 3.4.3-48 - Update to 3.4.3 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	47241
published	2010-07-01
reporter	This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/47241
title	Fedora 12 : samba-3.4.5-55.fc12 (2010-1218)

Seebug

bulletinFamily	exploit
description	Bugraq ID: 37992 CVE ID：CVE-2009-3297 mount.cifs是Samba应用程序包含的工具。mount.cifs程序允许用户通过不同的方式传送凭据文件的名称或包含有口令的文件。 mount.cifs存在竞争条件问题，本地攻击者可以利用漏洞提升特权。建立一个路径不包含符号链接的tmp目录，使用mount.cifs开始加载攻击者所控制的共享，但当密码对话框提示时把它转到到后台，使用符号链接把 temp目录链接到/etc/pam.d，然后再把mount.cifs切换到前台，输入密码，按回车，此时攻击者的共享加载在/etc/pam.d中，导致特权提升。 Samba Samba 3.4.5 Samba Samba 3.4.2 Samba Samba 3.4.1 Samba Samba 3.3.8 Samba Samba 3.3.7 Samba Samba 3.3.6 Samba Samba 3.3.5 Samba Samba 3.2.15 Samba Samba 3.2.14 Samba Samba 3.2.13 Samba Samba 3.2.12 Samba Samba 3.2.5 Samba Samba 3.2.4 Samba Samba 3.2.3 Samba Samba 3.2.2 Samba Samba 3.2.1 Samba Samba 3.2 Samba Samba 3.0.37 Samba Samba 3.0.36 Samba Samba 3.0.35 Samba Samba 3.0.34 Samba Samba 3.0.33 Samba Samba 3.0.32 Samba Samba 3.0.30 Samba Samba 3.0.29 Samba Samba 3.0.29 Samba Samba 3.0.28 a Samba Samba 3.0.28 Samba Samba 3.0.27 Samba Samba 3.0.26 Samba Samba 3.0.25 rc3 Samba Samba 3.0.25 rc2 Samba Samba 3.0.25 rc1 Samba Samba 3.0.25 pre2 Samba Samba 3.0.25 pre1 Samba Samba 3.0.25 c Samba Samba 3.0.25 b Samba Samba 3.0.25 a Samba Samba 3.0.25 Samba Samba 3.0.24 Samba Samba 3.0.22 Samba Samba 3.0.21 Samba Samba 3.0.20 Samba Samba 3.0.14 Samba Samba 3.0.13 Samba Samba 3.0.12 Samba Samba 3.0.11 Samba Samba 3.0.10 Samba Samba 3.0.9 Samba Samba 3.0.8 Samba Samba 3.0.7 Samba Samba 3.0.6 Samba Samba 3.0.5 Samba Samba 3.0.4 -r1 Samba Samba 3.0.4 Samba Samba 3.0.3 Samba Samba 3.0.2 a Samba Samba 3.0.2 Samba Samba 3.0.1 Samba Samba 3.0 alpha Samba Samba 3.0 Samba Samba 3.0.27a Samba Samba 3.0.27 Samba Samba 3.0.26a Samba Samba 3.0.23d Samba Samba 3.0.23c Samba Samba 3.0.23b Samba Samba 3.0.23a Samba Samba 3.0.21c Samba Samba 3.0.21b Samba Samba 3.0.21a Samba Samba 3.0.20b Samba Samba 3.0.20a Samba Samba 3.0.14a 用户可联系供应商获得最新程序： http://www.samba.org/
id	SSV:19045
last seen	2017-11-19
modified	2010-02-02
published	2010-02-02
reporter	Root
title	Samba 'mount.cifs'本地特权提升漏洞

Vulnerabilities > CVE-2009-3297 {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"CVE-2009-3297"}]}

Summary

Nessus

Seebug

References

Vulnerabilities > CVE-2009-3297