Unrated severityNVD Advisory· Published Jun 25, 2009· Updated Jun 16, 2026
CVE-2009-1888
CVE-2009-1888
Description
The acl_group_override function in smbd/posix_acls.c in smbd in Samba 3.0.x before 3.0.35, 3.1.x and 3.2.x before 3.2.13, and 3.3.x before 3.3.6, when dos filemode is enabled, allows remote attackers to modify access control lists for files via vectors related to read access to uninitialized memory.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
10cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*range: >=3.0.31,<=3.0.35
- (no CPE)range: <3.0.35 for 3.0.x, <3.2.13 for 3.2.x, <3.3.6 for 3.3.x
cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:lts:*:*:*+ 3 more
- cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:8.10:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:9.04:*:*:*:*:*:*:*
- osv-coords2 versionspkg:rpm/opensuse/cifs-utils&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/samba&distro=openSUSE%20Tumbleweed
< 6.5-1.5+ 1 more
- (no CPE)range: < 6.5-1.5
- (no CPE)range: < 4.5.0-1.1
Patches
Vulnerability mechanics
References
20- www.samba.org/samba/ftp/patches/security/samba-3.2.12-CVE-2009-1888.patchnvdPatchVendor Advisory
- www.samba.org/samba/ftp/patches/security/samba-3.3.5-CVE-2009-1888.patchnvdPatchVendor Advisory
- www.samba.org/samba/security/CVE-2009-1888.htmlnvdPatchVendor Advisory
- www.samba.org/samba/ftp/patches/security/samba-3.0.34-CVE-2009-1888.patchnvdExploitPatchVendor Advisory
- www.securityfocus.com/bid/35472nvdExploitThird Party AdvisoryVDB Entry
- secunia.com/advisories/35539nvdThird Party Advisory
- secunia.com/advisories/35573nvdThird Party Advisory
- secunia.com/advisories/35606nvdThird Party Advisory
- secunia.com/advisories/36918nvdThird Party Advisory
- wiki.rpath.com/Advisories:rPSA-2009-0145nvdThird Party Advisory
- www.debian.org/security/2009/dsa-1823nvdThird Party Advisory
- www.mandriva.com/security/advisoriesnvdThird Party Advisory
- www.securityfocus.com/archive/1/507856/100/0/threadednvdThird Party AdvisoryVDB Entry
- www.securitytracker.com/idnvdThird Party AdvisoryVDB Entry
- www.slackware.com/security/viewer.phpnvdThird Party Advisory
- www.ubuntu.com/usn/USN-839-1nvdThird Party Advisory
- www.vupen.com/english/advisories/2009/1664nvdPermissions RequiredThird Party Advisory
- exchange.xforce.ibmcloud.com/vulnerabilities/51327nvdThird Party AdvisoryVDB Entry
- oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10790nvdThird Party Advisory
- oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7292nvdThird Party Advisory
News mentions
0No linked articles in our index yet.