CVE-2009-1888

The acl_group_override function in smbd/posix_acls.c in smbd in Samba 3.0.x before 3.0.35, 3.1.x and 3.2.x before 3.2.13, and 3.3.x before 3.3.6, when dos filemode is enabled, allows remote attackers to modify access control lists for files via vectors related to read access to uninitialized memory.
References
Link Resource
http://www.vupen.com/english/advisories/2009/1664 Permissions Required Third Party Advisory
http://www.samba.org/samba/ftp/patches/security/samba-3.0.34-CVE-2009-1888.patch Exploit Patch Vendor Advisory
http://www.samba.org/samba/ftp/patches/security/samba-3.2.12-CVE-2009-1888.patch Patch Vendor Advisory
http://www.samba.org/samba/security/CVE-2009-1888.html Patch Vendor Advisory
http://www.securityfocus.com/bid/35472 Exploit Third Party Advisory VDB Entry
http://secunia.com/advisories/35539 Third Party Advisory
http://www.samba.org/samba/ftp/patches/security/samba-3.3.5-CVE-2009-1888.patch Patch Vendor Advisory
http://www.securitytracker.com/id?1022442 Third Party Advisory VDB Entry
http://www.slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.521591 Third Party Advisory
http://secunia.com/advisories/35573 Third Party Advisory
http://secunia.com/advisories/35606 Third Party Advisory
http://www.debian.org/security/2009/dsa-1823 Third Party Advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2009:196 Third Party Advisory
http://secunia.com/advisories/36918 Third Party Advisory
http://www.ubuntu.com/usn/USN-839-1 Third Party Advisory
http://wiki.rpath.com/Advisories:rPSA-2009-0145 Third Party Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/51327 Third Party Advisory VDB Entry
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7292 Third Party Advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10790 Third Party Advisory
http://www.securityfocus.com/archive/1/507856/100/0/threaded Third Party Advisory VDB Entry
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

OR cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*

Configuration 3 (hide)

OR cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:9.04:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:8.10:*:*:*:*:*:*:*

Information

Published : 2009-06-24 18:30

Updated : 2022-08-29 12:43


NVD link : CVE-2009-1888

Mitre link : CVE-2009-1888


JSON object : View

CWE
CWE-264

Permissions, Privileges, and Access Controls

Advertisement

dedicated server usa

Products Affected

debian

  • debian_linux

canonical

  • ubuntu_linux

samba

  • samba