CVE-2009-1888 — Samba vulnerability

CWE-2647 documents7 sources

Severity

5.8MEDIUMNVD

EPSS

5.4%

top 9.86%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Samba Debian Samba Canonical Ubuntu Linux +1 more

Timeline

PublishedJun 25

Latest updateMay 2

Description

The acl_group_override function in smbd/posix_acls.c in smbd in Samba 3.0.x before 3.0.35, 3.1.x and 3.2.x before 3.2.13, and 3.3.x before 3.3.6, when dos filemode is enabled, allows remote attackers to modify access control lists for files via vectors related to read access to uninitialized memory.

CVSS vector

AV:N/AC:M/C:P/I:P/A:NExploitability: 8.6 | Impact: 4.9

Affected Packages3 packages

▶NVDsamba/samba3.2.0 — 3.2.13+2

▶debiandebian/samba< samba 2:3.3.6-1 (bookworm)

▶Debiansamba/samba< 2:3.3.6-1+3

Also affects: Debian Linux 4.0, 5.0, Ubuntu Linux 6.06, 8.04, 8.10, 9.04

Patches

Patch: www.samba.org ↗Patch: www.samba.org ↗Patch: www.samba.org ↗

🔴Vulnerability Details

GHSA

GHSA-mh49-m393-pw96: The acl_group_override function in smbd/posix_acls↗2022-05-02

▶

OSV

CVE-2009-1888: The acl_group_override function in smbd/posix_acls↗2009-06-25

▶

📋Vendor Advisories

Ubuntu

Samba vulnerabilities↗2009-10-01

▶

Red Hat

Samba improper file access↗2009-06-23

▶

Debian

CVE-2009-1888: samba - The acl_group_override function in smbd/posix_acls.c in smbd in Samba 3.0.x befo...↗2009

▶

💬Community

Bugzilla

CVE-2009-1888 Samba improper file access↗2009-06-19

▶