{ "document": { "category": "csaf_vex", "csaf_version": "2.0", "distribution": { "text": "Copyright © Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/vex/2009/cve-2009-0022.json" } ], "title": "samba: potential access to \"/\" in setups with registry shares enabled", "tracking": { "current_release_date": "2025-11-21T13:13:25+00:00", "generator": { "date": "2025-11-21T13:13:25+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.6.12" } }, "id": "CVE-2009-0022", "initial_release_date": "2009-01-05T00:00:00+00:00", "revision_history": [ { "date": "2009-01-05T00:00:00+00:00", "number": "1", "summary": "Initial version" }, { "date": "2025-04-09T00:44:57+00:00", "number": "2", "summary": "Current version" }, { "date": "2025-11-21T13:13:25+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "category": "vendor", "name": "Red Hat", "product": { "name": "All currently supported Red Hat products", "product_id": "red_hat_products", "product_identification_helper": { "cpe": "cpe:/a:redhat" } } } ] }, "vulnerabilities": [ { "cve": "CVE-2009-0022", "discovery_date": "2008-12-19T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "red_hat_products" ] } ], "notes": [ { "category": "description", "text": "Samba 3.2.0 through 3.2.6, when registry shares are enabled, allows remote authenticated users to access the root filesystem via a crafted connection request that specifies a blank share name.", "title": "Vulnerability description" }, { "category": "other", "text": "Not vulnerable. This issue did not affect the versions of samba as shipped with Red Hat Enterprise Linux 2.1, 3, 4, or 5.", "title": "Statement" } ], "product_status": { "known_not_affected": [ "red_hat_products" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2009-0022" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2009-0022", "url": "https://www.cve.org/CVERecord?id=CVE-2009-0022" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-0022", "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-0022" } ], "release_date": "2009-01-05T00:00:00+00:00", "title": "samba: potential access to \"/\" in setups with registry shares enabled" } ] }