CVE-2009-1888
First published: Thu Jun 25 2009(Updated: )
The acl_group_override function in smbd/posix_acls.c in smbd in Samba 3.0.x before 3.0.35, 3.1.x and 3.2.x before 3.2.13, and 3.3.x before 3.3.6, when dos filemode is enabled, allows remote attackers to modify access control lists for files via vectors related to read access to uninitialized memory.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Samba | >=3.2.0<3.2.13 | |
| Samba | >=3.3.0<3.3.6 | |
| Samba | >=3.0.31<=3.0.35 | |
| Debian Debian Linux | =5.0 | |
| Debian Debian Linux | =4.0 | |
| Ubuntu Linux | =6.06 | |
| Ubuntu Linux | =9.04 | |
| Ubuntu Linux | =8.04 | |
| Ubuntu Linux | =8.10 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.vupen.com/english/advisories/2009/1664
- http://www.samba.org/samba/ftp/patches/security/samba-3.0.34-CVE-2009-1888.patch
- http://www.samba.org/samba/ftp/patches/security/samba-3.2.12-CVE-2009-1888.patch
- http://www.samba.org/samba/security/CVE-2009-1888.html
- http://www.securityfocus.com/bid/35472
- http://secunia.com/advisories/35539
- http://www.samba.org/samba/ftp/patches/security/samba-3.3.5-CVE-2009-1888.patch
- http://www.securitytracker.com/id?1022442
- http://www.slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.521591
- http://secunia.com/advisories/35573
- http://secunia.com/advisories/35606
- http://www.debian.org/security/2009/dsa-1823
- http://www.mandriva.com/security/advisories?name=MDVSA-2009:196
- http://secunia.com/advisories/36918
- http://www.ubuntu.com/usn/USN-839-1
- http://wiki.rpath.com/Advisories:rPSA-2009-0145
- https://exchange.xforce.ibmcloud.com/vulnerabilities/51327
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7292
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10790
- http://www.securityfocus.com/archive/1/507856/100/0/threaded
- agent/references
- agent/type
- agent/remedy
- agent/first-publish-date
- agent/last-modified-date
- collector/nvd-historical
- agent/software-canonical-lookup-request
- agent/description
- agent/weakness
- agent/severity
- agent/author
- agent/softwarecombine
- agent/tags
- agent/event
- collector/nvd-index
- vendor/samba
- canonical/samba
- version/samba/3.2.0
- version/samba/3.3.0
- version/samba/3.0.31
- version/samba/3.0.35
- vendor/debian
- canonical/debian debian linux
- version/debian debian linux/5.0
- version/debian debian linux/4.0
- vendor/canonical
- canonical/ubuntu linux
- version/ubuntu linux/6.06
- version/ubuntu linux/9.04
- version/ubuntu linux/8.04
- version/ubuntu linux/8.10