Unrated severityNVD Advisory· Published Jun 25, 2009· Updated Apr 23, 2026
CVE-2009-1888
CVE-2009-1888
Description
The acl_group_override function in smbd/posix_acls.c in smbd in Samba 3.0.x before 3.0.35, 3.1.x and 3.2.x before 3.2.13, and 3.3.x before 3.3.6, when dos filemode is enabled, allows remote attackers to modify access control lists for files via vectors related to read access to uninitialized memory.
Affected products
9cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:lts:*:*:*+ 3 more
- cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:8.10:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:9.04:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:*
- osv-coords2 versionspkg:rpm/opensuse/cifs-utils&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/samba&distro=openSUSE%20Tumbleweed
< 6.5-1.5+ 1 more
- (no CPE)range: < 6.5-1.5
- (no CPE)range: < 4.5.0-1.1
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
20- www.samba.org/samba/ftp/patches/security/samba-3.2.12-CVE-2009-1888.patchnvdPatchVendor Advisory
- www.samba.org/samba/ftp/patches/security/samba-3.3.5-CVE-2009-1888.patchnvdPatchVendor Advisory
- www.samba.org/samba/security/CVE-2009-1888.htmlnvdPatchVendor Advisory
- www.samba.org/samba/ftp/patches/security/samba-3.0.34-CVE-2009-1888.patchnvdExploitPatchVendor Advisory
- www.securityfocus.com/bid/35472nvdExploitThird Party AdvisoryVDB Entry
- secunia.com/advisories/35539nvdThird Party Advisory
- secunia.com/advisories/35573nvdThird Party Advisory
- secunia.com/advisories/35606nvdThird Party Advisory
- secunia.com/advisories/36918nvdThird Party Advisory
- wiki.rpath.com/Advisories:rPSA-2009-0145nvdThird Party Advisory
- www.debian.org/security/2009/dsa-1823nvdThird Party Advisory
- www.mandriva.com/security/advisoriesnvdThird Party Advisory
- www.securityfocus.com/archive/1/507856/100/0/threadednvdThird Party AdvisoryVDB Entry
- www.securitytracker.com/idnvdThird Party AdvisoryVDB Entry
- www.slackware.com/security/viewer.phpnvdThird Party Advisory
- www.ubuntu.com/usn/USN-839-1nvdThird Party Advisory
- www.vupen.com/english/advisories/2009/1664nvdPermissions RequiredThird Party Advisory
- exchange.xforce.ibmcloud.com/vulnerabilities/51327nvdThird Party AdvisoryVDB Entry
- oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10790nvdThird Party Advisory
- oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7292nvdThird Party Advisory
News mentions
0No linked articles in our index yet.