CVE-2009-1888

Description

The acl_group_override function in smbd/posix_acls.c in smbd in Samba 3.0.x before 3.0.35, 3.1.x and 3.2.x before 3.2.13, and 3.3.x before 3.3.6, when dos filemode is enabled, allows remote attackers to modify access control lists for files via vectors related to read access to uninitialized memory.

References

http://www.vupen.com/english/advisories/2009/1664

http://www.samba.org/samba/ftp/patches/security/samba-3.0.34-CVE-2009-1888.patch

http://www.samba.org/samba/ftp/patches/security/samba-3.2.12-CVE-2009-1888.patch

http://www.samba.org/samba/security/CVE-2009-1888.html

http://www.securityfocus.com/bid/35472

http://secunia.com/advisories/35539

http://www.samba.org/samba/ftp/patches/security/samba-3.3.5-CVE-2009-1888.patch

http://www.securitytracker.com/id?1022442

http://www.slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.521591

http://secunia.com/advisories/35573

http://secunia.com/advisories/35606

http://www.debian.org/security/2009/dsa-1823

http://www.mandriva.com/security/advisories?name=MDVSA-2009:196

http://secunia.com/advisories/36918

http://www.ubuntu.com/usn/USN-839-1

http://wiki.rpath.com/Advisories:rPSA-2009-0145

https://exchange.xforce.ibmcloud.com/vulnerabilities/51327

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7292

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10790

http://www.securityfocus.com/archive/1/507856/100/0/threaded

Details

Risk Information

CVSS v2