>> Samba Empty Share Name Root Filesystem Access Vulnerability
Title : Samba Empty Share Name Root Filesystem Access Vulnerability VUPEN ID : VUPEN/ADV-2009-0017 CVE ID : CVE-2009-0022 CWE ID : CWE-264
Rated as : Low Risk
Remotely Exploitable : Yes Locally Exploitable : Yes Release Date : 2009-01-05
Technical Description
A vulnerability has been identified in Samba, which could be exploited by attackers to bypass security restrictions. This issue is caused by an error when handling connections to a share called "" (empty string) using an older version of smbclient (prior to 3.0.28) while the "registry shares" option is enabled, which could cause access to the root filesystem to be granted with the privileges of the authenticated user.
