Intrusion Prevention

Samba.Registry.Share.Unauthorized.Access

Description

This indicates an attack attempt against an Unauthorized Access vulnerability in Samba server.
The vulnerability is caused by a lack of sanitization in the "share name" when registry shares are enabled. By sending a specially crafted "TREE_CONNECT_ANDX" request to a samba server, a remote attacker can access the root file system.

Affected Products

Samba 3.2.0 through 3.2.6

Impact

Security Bypass: Remote attackers can bypass the security checking of vulnerable systems.

Recommended Actions

Refer to the vendor's web site for suggested workground.
http://www.samba.org/samba/security/CVE-2009-0022.html

CVE References

CVE-2009-0022