The acl_group_override function in smbd/posix_acls.c in smbd in Samba 3.0.x before 3.0.35, 3.1.x and 3.2.x before 3.2.13, and 3.3.x before 3.3.6, when dos filemode is enabled, allows remote attackers to modify access control lists for files via vectors related to read access to uninitialized memory.
http://www.vupen.com/english/advisories/2009/1664
http://www.samba.org/samba/ftp/patches/security/samba-3.0.34-CVE-2009-1888.patch
http://www.samba.org/samba/ftp/patches/security/samba-3.2.12-CVE-2009-1888.patch
http://www.samba.org/samba/security/CVE-2009-1888.html
http://www.securityfocus.com/bid/35472
http://secunia.com/advisories/35539
http://www.samba.org/samba/ftp/patches/security/samba-3.3.5-CVE-2009-1888.patch
http://www.securitytracker.com/id?1022442
http://www.slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.521591
http://secunia.com/advisories/35573
http://secunia.com/advisories/35606
http://www.debian.org/security/2009/dsa-1823
http://www.mandriva.com/security/advisories?name=MDVSA-2009:196
http://secunia.com/advisories/36918
http://www.ubuntu.com/usn/USN-839-1
http://wiki.rpath.com/Advisories:rPSA-2009-0145
https://exchange.xforce.ibmcloud.com/vulnerabilities/51327
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7292
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10790
http://www.securityfocus.com/archive/1/507856/100/0/threaded