CVE-2009-1888

The acl_group_override function in smbd/posix_acls.c in smbd in Samba 3.0.x before 3.0.35, 3.1.x and 3.2.x before 3.2.13, and 3.3.x before 3.3.6, when dos filemode is enabled, allows remote attackers to modify access control lists for files via vectors related to read access to uninitialized memory.

Published: Jun 25, 2009
Updated: Apr 13, 2023
CVE: CVE-2009-1888
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 5.8
AV:N/AC:M/Au:N/C:P/I:P/A:N

CWEs:

CWE-264

Affected Software
References

Software	From	Fixed in
samba / samba	3.2.0	3.2.13
samba / samba	3.3.0	3.3.6
samba / samba	3.0.31	3.0.35.x
debian / debian_linux	5.0	5.0.x
debian / debian_linux	4.0	4.0.x
canonical / ubuntu_linux	6.06	6.06.x
canonical / ubuntu_linux	9.04	9.04.x
canonical / ubuntu_linux	8.04	8.04.x
canonical / ubuntu_linux	8.10	8.10.x

http://secunia.com/advisories/35539
http://secunia.com/advisories/35573
http://secunia.com/advisories/35606
http://secunia.com/advisories/36918
http://wiki.rpath.com/Advisories:rPSA-2009-0145
http://www.debian.org/security/2009/dsa-1823
http://www.mandriva.com/security/advisories?name=MDVSA-2009:196
http://www.samba.org/samba/ftp/patches/security/samba-3.0.34-CVE-2009-1888.patch
http://www.samba.org/samba/ftp/patches/security/samba-3.2.12-CVE-2009-1888.patch
http://www.samba.org/samba/ftp/patches/security/samba-3.3.5-CVE-2009-1888.patch
http://www.samba.org/samba/security/CVE-2009-1888.html
http://www.securityfocus.com/archive/1/507856/100/0/threaded
http://www.securityfocus.com/bid/35472
http://www.securitytracker.com/id?1022442
http://www.slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.521591
http://www.ubuntu.com/usn/USN-839-1
http://www.vupen.com/english/advisories/2009/1664
https://exchange.xforce.ibmcloud.com/vulnerabilities/51327
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10790
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7292

Vulnerability Database

289,599

CVE-2009-1888