Computer Security
[EN] securityvulns.ru no-pyccku


Samba security vulnerabilities
Published:26.06.2009
Source:
SecurityVulns ID:10016
Type:local
Threat Level:
5/10
Description:smbclient format string vulnerability, ability to change file permissions if file is already open.
Affected:SAMBA : Samba 3.2
CVE:CVE-2009-1888 (The acl_group_override function in smbd/posix_acls.c in smbd in Samba 3.0.x before 3.0.35, 3.1.x and 3.2.x before 3.2.13, and 3.3.x before 3.3.6, when dos filemode is enabled, allows remote attackers to modify access control lists for files via vectors related to read access to uninitialized memory.)
 CVE-2009-1886 (Multiple format string vulnerabilities in client/client.c in smbclient in Samba 3.2.0 through 3.2.12 might allow context-dependent attackers to execute arbitrary code via format string specifiers in a filename.)
Original documentdocumentDEBIAN, [SECURITY] [DSA 1823-1] New samba packages fix several vulnerabilities (26.06.2009)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod