CVE-2009-1888 — MEDIUM (5.8)

Q: How severe is CVE-2009-1888?

CVE-2009-1888 has been rated MEDIUM with a CVSS base score of 5.8/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2009-1888?

Check the references section above for vendor advisories and patch information. Affected products include: Samba Samba, Debian Debian Linux, Canonical Ubuntu Linux.

Vulnerability Description

The acl_group_override function in smbd/posix_acls.c in smbd in Samba 3.0.x before 3.0.35, 3.1.x and 3.2.x before 3.2.13, and 3.3.x before 3.3.6, when dos filemode is enabled, allows remote attackers to modify access control lists for files via vectors related to read access to uninitialized memory.

CVSS Score

5.8

MEDIUM

AV:N/AC:M/Au:N/C:P/I:P/A:N

Confidentiality

PARTIAL

Integrity

PARTIAL

Availability

NONE

Affected Products

Vendor	Product	Versions
Samba	Samba	>= 3.0.31, <= 3.0.35
Debian	Debian Linux	4.0
Canonical	Ubuntu Linux	6.06

Related Weaknesses (CWE)

CWE-264

References

http://secunia.com/advisories/35539Third Party Advisory
http://secunia.com/advisories/35573Third Party Advisory
http://secunia.com/advisories/35606Third Party Advisory
http://secunia.com/advisories/36918Third Party Advisory
http://wiki.rpath.com/Advisories:rPSA-2009-0145Third Party Advisory
http://www.debian.org/security/2009/dsa-1823Third Party Advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2009:196Third Party Advisory
http://www.samba.org/samba/ftp/patches/security/samba-3.0.34-CVE-2009-1888.patchExploitPatchVendor Advisory
http://www.samba.org/samba/ftp/patches/security/samba-3.2.12-CVE-2009-1888.patchPatchVendor Advisory
http://www.samba.org/samba/ftp/patches/security/samba-3.3.5-CVE-2009-1888.patchPatchVendor Advisory
http://www.samba.org/samba/security/CVE-2009-1888.htmlPatchVendor Advisory
http://www.securityfocus.com/archive/1/507856/100/0/threadedThird Party AdvisoryVDB Entry
http://www.securityfocus.com/bid/35472ExploitThird Party AdvisoryVDB Entry
http://www.securitytracker.com/id?1022442Third Party AdvisoryVDB Entry
http://www.slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackThird Party Advisory

FAQ

What is CVE-2009-1888?

CVE-2009-1888 is a vulnerability with a CVSS score of 5.8 (MEDIUM). The acl_group_override function in smbd/posix_acls.c in smbd in Samba 3.0.x before 3.0.35, 3.1.x and 3.2.x before 3.2.13, and 3.3.x before 3.3.6, when dos filemode is enabled, allows remote attackers ...

How severe is CVE-2009-1888?

CVE-2009-1888 has been rated MEDIUM with a CVSS base score of 5.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2009-1888?

Check the references section above for vendor advisories and patch information. Affected products include: Samba Samba, Debian Debian Linux, Canonical Ubuntu Linux.