J. David Hester

**Name of the Vulnerable Software and Affected Versions** Samba versions 3.0.12 through 3.0.36 Samba versions 3.2 through 3.2.15 Samba versions 3.3 through 3.3.8 Samba versions 3.4 through 3.4.2 **Description** The issue allows remote authenticated users to bypass intended sharing restrictions and read, create, or modify files in certain circumstances involving user accounts that lack home directories. This is due to improper handling of errors in resolving pathnames. The vulnerability can be exploited by a remote attacker who has passed the authentication procedure. **Recommendations** For Samba versions 3.0.12 through 3.0.36, update to version 3.0.37 or later. For Samba versions 3.2 through 3.2.15, update to version 3.2.16 or later. For Samba versions 3.3 through 3.3.8, update to version 3.3.9 or later. For Samba versions 3.4 through 3.4.2, update to version 3.4.3 or later.