The acl_group_override function in smbd/posix_acls.c in smbd in Samba 3.0.x before 3.0.35, 3.1.x and 3.2.x before 3.2.13, and 3.3.x before 3.3.6, when dos filemode is enabled, allows remote attackers to modify access control lists for files via vectors related to read access to uninitialized memory.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Samba | Samba | 3.0.31 (including) | 3.0.35 (including) |
| Samba | Samba | 3.2.0 (including) | 3.2.13 (excluding) |
| Samba | Samba | 3.3.0 (including) | 3.3.6 (excluding) |
| Red Hat Enterprise Linux 4 | RedHat | samba-0:3.0.33-0.18.el4_8 | * |
| Red Hat Enterprise Linux 5 | RedHat | samba-0:3.0.33-3.15.el5_4 | * |
| Supplementary for Red Hat Enterprise Linux 5 | RedHat | samba3x-0:3.3.8-0.46.el5 | * |
| Samba | Ubuntu | intrepid | * |
| Samba | Ubuntu | jaunty | * |
| Samba | Ubuntu | upstream | * |
References
- http://secunia.com/advisories/35539
- http://secunia.com/advisories/35573
- http://secunia.com/advisories/35606
- http://secunia.com/advisories/36918
- http://wiki.rpath.com/Advisories:rPSA-2009-0145
- http://www.debian.org/security/2009/dsa-1823
- http://www.mandriva.com/security/advisories?name=MDVSA-2009:196
- http://www.samba.org/samba/ftp/patches/security/samba-3.0.34-CVE-2009-1888.patch
- http://www.samba.org/samba/ftp/patches/security/samba-3.2.12-CVE-2009-1888.patch
- http://www.samba.org/samba/ftp/patches/security/samba-3.3.5-CVE-2009-1888.patch
- http://www.samba.org/samba/security/CVE-2009-1888.html
- http://www.securityfocus.com/archive/1/507856/100/0/threaded
- http://www.securityfocus.com/bid/35472
- http://www.securitytracker.com/id?1022442
- http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2009\u0026m=slackware-security.521591
- http://www.ubuntu.com/usn/USN-839-1
- http://www.vupen.com/english/advisories/2009/1664
- https://exchange.xforce.ibmcloud.com/vulnerabilities/51327
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10790
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7292
- http://secunia.com/advisories/35539
- http://secunia.com/advisories/35573
- http://secunia.com/advisories/35606
- http://secunia.com/advisories/36918
- http://wiki.rpath.com/Advisories:rPSA-2009-0145
- http://www.debian.org/security/2009/dsa-1823
- http://www.mandriva.com/security/advisories?name=MDVSA-2009:196
- http://www.samba.org/samba/ftp/patches/security/samba-3.0.34-CVE-2009-1888.patch
- http://www.samba.org/samba/ftp/patches/security/samba-3.2.12-CVE-2009-1888.patch
- http://www.samba.org/samba/ftp/patches/security/samba-3.3.5-CVE-2009-1888.patch
- http://www.samba.org/samba/security/CVE-2009-1888.html
- http://www.securityfocus.com/archive/1/507856/100/0/threaded
- http://www.securityfocus.com/bid/35472
- http://www.securitytracker.com/id?1022442
- http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2009\u0026m=slackware-security.521591
- http://www.ubuntu.com/usn/USN-839-1
- http://www.vupen.com/english/advisories/2009/1664
- https://exchange.xforce.ibmcloud.com/vulnerabilities/51327
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10790
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7292