CVE-2009-1888 Information

Description

The acl_group_override function in smbd/posix_acls.c in smbd in Samba 3.0.x before 3.0.35, 3.1.x and 3.2.x before 3.2.13, and 3.3.x before 3.3.6, when dos filemode is enabled, allows remote attackers to modify access control lists for files via vectors related to read access to uninitialized memory.

Reference

http://secunia.com/advisories/35539
http://secunia.com/advisories/35573
http://secunia.com/advisories/35606
http://secunia.com/advisories/36918
http://wiki.rpath.com/Advisories:rPSA-2009-0145
http://www.debian.org/security/2009/dsa-1823
http://www.mandriva.com/security/advisories?name=MDVSA-2009:196
http://www.samba.org/samba/ftp/patches/security/samba-3.0.34-CVE-2009-1888.patch
http://www.samba.org/samba/ftp/patches/security/samba-3.2.12-CVE-2009-1888.patch
http://www.samba.org/samba/ftp/patches/security/samba-3.3.5-CVE-2009-1888.patch
http://www.samba.org/samba/security/CVE-2009-1888.html
http://www.securityfocus.com/archive/1/507856/100/0/threaded
http://www.securityfocus.com/bid/35472
http://www.securitytracker.com/id?1022442
http://www.slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.521591
http://www.ubuntu.com/usn/USN-839-1
http://www.vupen.com/english/advisories/2009/1664
https://exchange.xforce.ibmcloud.com/vulnerabilities/51327
https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A10790
https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A7292
