Samba.Registry.Share.Unauthorized.Access

description-logoDescription

This indicates an attack attempt against an Unauthorized Access vulnerability in Samba server.
The vulnerability is caused by a lack of sanitization in the "share name" when registry shares are enabled. By sending a specially crafted "TREE_CONNECT_ANDX" request to a samba server, a remote attacker can access the root file system.

affected-products-logoAffected Products

Samba 3.2.0 through 3.2.6

Impact logoImpact

Security Bypass: Remote attackers can bypass the security checking of vulnerable systems.

recomended-action-logoRecommended Actions

Refer to the vendor's web site for suggested workground.
http://www.samba.org/samba/security/CVE-2009-0022.html

Telemetry logoTelemetry

Coverage

IPS (Regular DB)
IPS (Extended DB)