Samba.Registry.Share.Unauthorized.Access
Description
This indicates an attack attempt against an Unauthorized Access vulnerability in Samba server.
The vulnerability is caused by a lack of sanitization in the "share name" when registry shares are enabled. By sending a specially crafted "TREE_CONNECT_ANDX" request to a samba server, a remote attacker can access the root file system.
Affected Products
Samba 3.2.0 through 3.2.6
Impact
Security Bypass: Remote attackers can bypass the security checking of vulnerable systems.
Recommended Actions
Refer to the vendor's web site for suggested workground.
http://www.samba.org/samba/security/CVE-2009-0022.html
Telemetry
Coverage
IPS (Regular DB) | |
IPS (Extended DB) |