exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 5 of 5 RSS Feed

CVE-2009-1888

Status Candidate

Overview

The acl_group_override function in smbd/posix_acls.c in smbd in Samba 3.0.x before 3.0.35, 3.1.x and 3.2.x before 3.2.13, and 3.3.x before 3.3.6, when dos filemode is enabled, allows remote attackers to modify access control lists for files via vectors related to read access to uninitialized memory.

Related Files

VMware Security Advisory 2010-0006
Posted Apr 2, 2010
Authored by VMware | Site vmware.com

VMware Security Advisory - This ESX service console update addresses security issues regarding samba and acpid.

tags | advisory
advisories | CVE-2009-2906, CVE-2009-1888, CVE-2009-2813, CVE-2009-2948, CVE-2009-0798
SHA-256 | 00441a9ab5817c9f0ed67e7dff7af17dd695c35fa919b9a5e9c0d08c8f836e96
Mandriva Linux Security Advisory 2009-320
Posted Dec 7, 2009
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2009-320 - The acl_group_override function in smbd/posix_acls.c in smbd in Samba 3.0.x before 3.0.35, 3.1.x and 3.2.x before 3.2.13, and 3.3.x before 3.3.6, when dos filemode is enabled, allows remote attackers to modify access control lists for files via vectors related to read access to uninitialized memory. The SMB (aka Samba) subsystem in Apple Mac OS X 10.5.8, when Windows File Sharing is enabled, does not properly handle errors in resolving pathnames, which allows remote authenticated users to bypass intended sharing restrictions, and read, create, or modify files, in certain circumstances involving user accounts that lack home directories. smbd in Samba 3.0 before 3.0.37, 3.2 before 3.2.15, 3.3 before 3.3.8, and 3.4 before 3.4.2 allows remote authenticated users to cause a denial of service (infinite loop) via an unanticipated oplock break notification reply packet. mount.cifs in Samba 3.0 before 3.0.37, 3.2 before 3.2.15, 3.3 before 3.3.8 and 3.4 before 3.4.2, when mount.cifs is installed suid root, does not properly enforce permissions, which allows local users to read part of the credentials file and obtain the password by specifying the path to the credentials file and using the --verbose or -v option. The version of samba shipping with Mandriva Linux 2008.0 has been updated to the latest version (3.0.37) that includes the fixes for these issues.

tags | advisory, remote, denial of service, local, root
systems | linux, windows, apple, osx, mandriva
advisories | CVE-2009-1888, CVE-2009-2813, CVE-2009-2906, CVE-2009-2948
SHA-256 | 4e7520ff7d1babb15111d3105dfb051558830145524556af71d6fc049c24dfd4
Ubuntu Security Notice 839-1
Posted Oct 2, 2009
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 839-1 - J. David Hester discovered that Samba incorrectly handled users that lack home directories when the automated [homes] share is enabled. An authenticated user could connect to that share name and gain access to the whole filesystem. Tim Prouty discovered that the smbd daemon in Samba incorrectly handled certain unexpected network replies. A remote attacker could send malicious replies to the server and cause smbd to use all available CPU, leading to a denial of service. Ronald Volgers discovered that the mount.cifs utility, when installed as a setuid program, would not verify user permissions before opening a credentials file. A local user could exploit this to use or read the contents of unauthorized credential files. Reinhard discovered that the smbclient utility contained format string vulnerabilities in its file name handling. Because of security features in Ubuntu, exploitation of this vulnerability is limited. If a user or automated system were tricked into processing a specially crafted file name, smbclient could be made to crash, possibly leading to a denial of service. This only affected Ubuntu 8.10. Jeremy Allison discovered that the smbd daemon in Samba incorrectly handled permissions to modify access control lists when dos filemode is enabled. A remote attacker could exploit this to modify access control lists. This only affected Ubuntu 8.10 and Ubuntu 9.04.

tags | advisory, remote, denial of service, local, vulnerability
systems | linux, ubuntu
advisories | CVE-2009-1886, CVE-2009-1888, CVE-2009-2813, CVE-2009-2906, CVE-2009-2948
SHA-256 | 4f0c9ac114c1548958e5f616590708327ff29bbee5a4e6d2370a6e40f4bbd33e
Mandriva Linux Security Advisory 2009-196
Posted Aug 10, 2009
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2009-196 - Multiple format string vulnerabilities in client/client.c in smbclient in Samba 3.2.0 through 3.2.12 might allow context-dependent attackers to execute arbitrary code via format string specifiers in a filename. The acl_group_override function in smbd/posix_acls.c in smbd in Samba 3.0.x before 3.0.35, 3.1.x and 3.2.x before 3.2.13, and 3.3.x before 3.3.6, when dos filemode is enabled, allows remote attackers to modify access control lists for files via vectors related to read access to uninitialized memory. This update provides samba 3.2.13 to address these issues.

tags | advisory, remote, arbitrary, vulnerability
systems | linux, osx, mandriva
advisories | CVE-2009-1886, CVE-2009-1888
SHA-256 | 4d74757b18f42f251a7374fa6165b6b3ccd8d6d2da369b6ee183dbf60111b97c
Debian Linux Security Advisory 1823-1
Posted Jun 26, 2009
Authored by Debian | Site debian.org

Debian Security Advisory 1823-1 - Several vulnerabilities have been discovered in Samba, a SMB/CIFS file, print, and login server.

tags | advisory, vulnerability
systems | linux, debian
advisories | CVE-2009-1886, CVE-2009-1888
SHA-256 | b1dd505f4ed9dfea23e529ccd125a387967f454cd3fb8e82cf20c7cf12975af8
Page 1 of 1
Back1Next

File Archive:

July 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    27 Files
  • 2
    Jul 2nd
    10 Files
  • 3
    Jul 3rd
    35 Files
  • 4
    Jul 4th
    27 Files
  • 5
    Jul 5th
    18 Files
  • 6
    Jul 6th
    0 Files
  • 7
    Jul 7th
    0 Files
  • 8
    Jul 8th
    28 Files
  • 9
    Jul 9th
    44 Files
  • 10
    Jul 10th
    24 Files
  • 11
    Jul 11th
    25 Files
  • 12
    Jul 12th
    11 Files
  • 13
    Jul 13th
    0 Files
  • 14
    Jul 14th
    0 Files
  • 15
    Jul 15th
    28 Files
  • 16
    Jul 16th
    6 Files
  • 17
    Jul 17th
    34 Files
  • 18
    Jul 18th
    6 Files
  • 19
    Jul 19th
    34 Files
  • 20
    Jul 20th
    0 Files
  • 21
    Jul 21st
    0 Files
  • 22
    Jul 22nd
    0 Files
  • 23
    Jul 23rd
    0 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close