The acl_group_override function in smbd/posix_acls.c in smbd in Samba 3.0.x before 3.0.35, 3.1.x and 3.2.x before 3.2.13, and 3.3.x before 3.3.6, when the "dos filemode" option is enabled, allows remote attackers to modify access control lists for files via vectors related to read access to uninitialized memory.
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7292
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10790
https://exchange.xforce.ibmcloud.com/vulnerabilities/51327
http://www.vupen.com/english/advisories/2009/1664
http://www.ubuntu.com/usn/USN-839-1
http://www.slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.521591
http://www.securitytracker.com/id?1022442
http://www.securityfocus.com/archive/1/507856/100/0/threaded
http://www.samba.org/samba/security/CVE-2009-1888.html
http://www.samba.org/samba/ftp/patches/security/samba-3.3.5-CVE-2009-1888.patch
http://www.samba.org/samba/ftp/patches/security/samba-3.2.12-CVE-2009-1888.patch
http://www.mandriva.com/security/advisories?name=MDVSA-2009:196
http://www.debian.org/security/2009/dsa-1823
http://wiki.rpath.com/Advisories:rPSA-2009-0145
http://secunia.com/advisories/36918
http://secunia.com/advisories/35606