Description
The acl_group_override function in smbd/posix_acls.c in smbd in Samba 3.0.x before 3.0.35, 3.1.x and 3.2.x before 3.2.13, and 3.3.x before 3.3.6, when dos filemode is enabled, allows remote attackers to modify access control lists for files via vectors related to read access to uninitialized memory.
References (20)
Core References
Permissions Required, Third Party Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2009/1664
Patch, Vendor Advisory x_refsource_confirm
http://www.samba.org/samba/security/CVE-2009-1888.html
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/507856/100/0/threaded
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/51327
Third Party Advisory vendor-advisory
x_refsource_slackware
http://www.slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.521591
Exploit, Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/35472
Third Party Advisory vdb-entry
signature
x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7292
Patch, Vendor Advisory x_refsource_confirm
http://www.samba.org/samba/ftp/patches/security/samba-3.3.5-CVE-2009-1888.patch
Third Party Advisory vendor-advisory
x_refsource_debian
http://www.debian.org/security/2009/dsa-1823
Patch, Vendor Advisory x_refsource_confirm
http://www.samba.org/samba/ftp/patches/security/samba-3.2.12-CVE-2009-1888.patch
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/35573
Exploit, Patch, Vendor Advisory x_refsource_confirm
http://www.samba.org/samba/ftp/patches/security/samba-3.0.34-CVE-2009-1888.patch
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/35606
Third Party Advisory vendor-advisory
x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-839-1
Third Party Advisory vdb-entry
signature
x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10790
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/35539
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/36918
Third Party Advisory vendor-advisory
x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDVSA-2009:196
Third Party Advisory x_refsource_confirm
http://wiki.rpath.com/Advisories:rPSA-2009-0145
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id?1022442
Scores
EPSS
0.0539
EPSS Percentile
90.2%
Details
CWE
CWE-264
Status
published
Products (7)
canonical/ubuntu_linux
6.06
canonical/ubuntu_linux
8.04
canonical/ubuntu_linux
8.10
canonical/ubuntu_linux
9.04
debian/debian_linux
4.0
debian/debian_linux
5.0
samba/samba
3.0.31 - 3.0.35
Published
Jun 25, 2009
Tracked Since
Feb 18, 2026