{"id":"CVE-2009-1888","details":"The acl_group_override function in smbd/posix_acls.c in smbd in Samba 3.0.x before 3.0.35, 3.1.x and 3.2.x before 3.2.13, and 3.3.x before 3.3.6, when dos filemode is enabled, allows remote attackers to modify access control lists for files via vectors related to read access to uninitialized memory.","modified":"2026-04-10T03:40:48.107451Z","published":"2009-06-25T01:30:01Z","related":["openSUSE-SU-2024:10069-1","openSUSE-SU-2024:10334-1"],"references":[{"type":"ADVISORY","url":"http://secunia.com/advisories/35539"},{"type":"ADVISORY","url":"http://secunia.com/advisories/35573"},{"type":"ADVISORY","url":"http://secunia.com/advisories/35606"},{"type":"ADVISORY","url":"http://secunia.com/advisories/36918"},{"type":"ADVISORY","url":"http://wiki.rpath.com/Advisories:rPSA-2009-0145"},{"type":"ADVISORY","url":"http://www.debian.org/security/2009/dsa-1823"},{"type":"ADVISORY","url":"http://www.mandriva.com/security/advisories?name=MDVSA-2009:196"},{"type":"ADVISORY","url":"http://www.samba.org/samba/ftp/patches/security/samba-3.0.34-CVE-2009-1888.patch"},{"type":"ADVISORY","url":"http://www.samba.org/samba/ftp/patches/security/samba-3.2.12-CVE-2009-1888.patch"},{"type":"ADVISORY","url":"http://www.samba.org/samba/ftp/patches/security/samba-3.3.5-CVE-2009-1888.patch"},{"type":"ADVISORY","url":"http://www.samba.org/samba/security/CVE-2009-1888.html"},{"type":"ADVISORY","url":"http://www.securityfocus.com/archive/1/507856/100/0/threaded"},{"type":"ADVISORY","url":"http://www.securityfocus.com/bid/35472"},{"type":"ADVISORY","url":"http://www.securitytracker.com/id?1022442"},{"type":"ADVISORY","url":"http://www.slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.521591"},{"type":"ADVISORY","url":"http://www.ubuntu.com/usn/USN-839-1"},{"type":"ADVISORY","url":"http://www.vupen.com/english/advisories/2009/1664"},{"type":"ADVISORY","url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/51327"},{"type":"ADVISORY","url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10790"},{"type":"ADVISORY","url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7292"},{"type":"EVIDENCE","url":"http://www.samba.org/samba/ftp/patches/security/samba-3.0.34-CVE-2009-1888.patch"},{"type":"EVIDENCE","url":"http://www.securityfocus.com/bid/35472"},{"type":"FIX","url":"http://www.samba.org/samba/ftp/patches/security/samba-3.0.34-CVE-2009-1888.patch"},{"type":"FIX","url":"http://www.samba.org/samba/ftp/patches/security/samba-3.2.12-CVE-2009-1888.patch"},{"type":"FIX","url":"http://www.samba.org/samba/ftp/patches/security/samba-3.3.5-CVE-2009-1888.patch"},{"type":"FIX","url":"http://www.samba.org/samba/security/CVE-2009-1888.html"},{"type":"REPORT","url":"http://www.vupen.com/english/advisories/2009/1664"}],"schema_version":"1.7.5"}