CVE-2009-0022: Potential access to "/" in setups with registry shares enabled

==========================================================
== Subject:     Potential access to "/" in setups with
==		registry shares enabled
==
== CVE ID#:    	CVE-2009-0022
==
== Versions:    Samba 3.2.0 - 3.2.6 (inclusive)
==
== Summary:     In setups with registry shares enabled,
==		access to the root filesystem ("/") is granted
==		when connecting to a share called "" (empty string)
==		using old versions of smbclient.
==
==========================================================

===========
Description
===========

When connecting to a share called "" (empty string) using an older
version of smbclient (before 3.0.28) for example with:

      'smbclient //server/ -U user%pass'

access to the root filesystem is granted with the privileges of the
authenticated user. This only happens in setups with registry shares
enabled by setting "registry shares = yes" which is implicitly set with
"include = registry" and "config backend = registry",
but is not the default.
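As an added check that is not part of the advisory or of Samba itself, the following script decides from an smb.conf fragment and a version string whether a host falls into the affected combination described above. It assumes the three settings named in this advisory are the only ways registry shares get enabled, does not model a later explicit "registry shares = no" overriding "include = registry" or "config backend = registry", and uses constructed sample configurations.

```python
import re
from typing import Dict, Tuple

# Constructed sample smb.conf fragments (not taken from the advisory).
CONF_IMPLICIT = "[global]\n   workgroup = WORKGROUP\n   include = registry\n"
CONF_WORKAROUND = "[global]\n   workgroup = WORKGROUP\n   registry shares = no\n"

TRUE_VALUES = {"yes", "true", "1", "on"}  # Samba boolean spellings

def parse_global(conf: str) -> Dict[str, str]:
    """Return the [global] section as {parameter: value}; parameter names
    are lowercased with internal whitespace collapsed, as Samba treats them."""
    params, in_global = {}, False
    for raw in conf.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":        # blank or comment line
            continue
        if line.startswith("[") and line.endswith("]"):
            in_global = line[1:-1].strip().lower() == "global"
            continue
        if in_global and "=" in line:
            key, value = line.split("=", 1)
            params[" ".join(key.lower().split())] = value.strip()
    return params

def registry_shares_enabled(conf: str) -> bool:
    """True if registry shares are on explicitly, or via the two settings the
    advisory says imply it. Conservative assumption: an explicit
    'registry shares = no' is not treated as overriding those two."""
    g = parse_global(conf)
    if g.get("config backend", "").lower() == "registry":
        return True
    if g.get("include", "").lower() == "registry":
        return True
    return g.get("registry shares", "no").lower() in TRUE_VALUES

def version_affected(version: str) -> bool:
    """Affected range from the advisory: 3.2.0 through 3.2.6 inclusive."""
    m = re.fullmatch(r"(\d+)\.(\d+)\.(\d+)", version.strip())
    if not m:
        raise ValueError(f"unrecognised Samba version: {version!r}")
    v: Tuple[int, ...] = tuple(int(x) for x in m.groups())
    return (3, 2, 0) <= v <= (3, 2, 6)

def exposed(conf: str, version: str) -> bool:
    """Exposed to CVE-2009-0022 only when both conditions hold."""
    return version_affected(version) and registry_shares_enabled(conf)

if __name__ == "__main__":
    for name, conf in (("implicit", CONF_IMPLICIT), ("workaround", CONF_WORKAROUND)):
        print(f"{name}: exposed on 3.2.6 -> {exposed(conf, '3.2.6')}")
```

Feed it the output of "testparm -s" rather than a hand-edited smb.conf so that included files are already resolved.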


==================
Patch Availability
==================

A patch addressing this defect has been posted to

  http://www.samba.org/samba/security/

Additionally, Samba 3.2.7 has been issued as a security
release to correct the defect. Samba administrators are
advised to upgrade to 3.2.7 or apply the patch as soon
as possible when "registry shares" is set to "yes".


==========
Workaround
==========

As a workaround, registry shares can be disabled using "registry shares = no".


=======
Credits
=======

This issue was found and reported to the Samba Team by
Gunter Höckel <Gunter.Hoeckel [at] fujitsu-siemens.com>.


==========================================================
== Our Code, Our Bugs, Our Responsibility.
== The Samba Team
==========================================================