CVE-2009-1888

Sažetak

The acl_group_override function in smbd/posix_acls.c in smbd in Samba 3.0.x before 3.0.35, 3.1.x and 3.2.x before 3.2.13, and 3.3.x before 3.3.6, when dos filemode is enabled, allows remote attackers to modify access control lists for files via vectors related to read access to uninitialized memory.

Reference

http://www.vupen.com/english/advisories/2009/1664
http://www.samba.org/samba/ftp/patches/security/samba-3.0.34-CVE-2009-1888.patch
http://www.samba.org/samba/ftp/patches/security/samba-3.2.12-CVE-2009-1888.patch
http://www.samba.org/samba/security/CVE-2009-1888.html
http://www.securityfocus.com/bid/35472
http://secunia.com/advisories/35539
http://www.samba.org/samba/ftp/patches/security/samba-3.3.5-CVE-2009-1888.patch
http://www.securitytracker.com/id?1022442
http://www.slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.521591
http://secunia.com/advisories/35573
http://secunia.com/advisories/35606
http://www.debian.org/security/2009/dsa-1823
http://www.mandriva.com/security/advisories?name=MDVSA-2009:196
http://secunia.com/advisories/36918
http://www.ubuntu.com/usn/USN-839-1
http://wiki.rpath.com/Advisories:rPSA-2009-0145
https://exchange.xforce.ibmcloud.com/vulnerabilities/51327
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7292
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10790
http://www.securityfocus.com/archive/1/507856/100/0/threaded

CVSS

Base:	5.8
Impact:	4.9
Exploitability:	8.6

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	NONE

CVSS vektor

AV:N/AC:M/Au:N/C:P/I:P/A:N

Zadnje važnije ažuriranje

29-08-2022 - 19:43

Objavljeno

25-06-2009 - 01:30