Bug 506996 (CVE-2009-1888)
Summary: | CVE-2009-1888 Samba improper file access | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Josh Bressers <bressers> |
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
Status: | CLOSED ERRATA | QA Contact: | |
Severity: | low | Docs Contact: | |
Priority: | low | ||
Version: | unspecified | CC: | gdeschner, kreilly, mnowak, ssorce, vdanen |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2009-11-19 15:01:47 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | 526658, 526659, 526660, 526661, 526663 | ||
Bug Blocks: |
Description
Josh Bressers
2009-06-19 17:55:03 UTC
Common Vulnerabilities and Exposures assigned an identifier CVE-2009-1888 to the following vulnerability: Name: CVE-2009-1888 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1888 Assigned: 20090602 Reference: CONFIRM: http://www.samba.org/samba/ftp/patches/security/samba-3.0.34-CVE-2009-1888.patch Reference: CONFIRM: http://www.samba.org/samba/ftp/patches/security/samba-3.2.12-CVE-2009-1888.patch Reference: CONFIRM: http://www.samba.org/samba/ftp/patches/security/samba-3.3.5-CVE-2009-1888.patch Reference: CONFIRM: http://www.samba.org/samba/security/CVE-2009-1888.html Reference: BID:35472 Reference: URL: http://www.securityfocus.com/bid/35472 Reference: SECUNIA:35539 Reference: URL: http://secunia.com/advisories/35539 Reference: VUPEN:ADV-2009-1664 Reference: URL: http://www.vupen.com/english/advisories/2009/1664 The acl_group_override function in smbd/posix_acls.c in smbd in Samba 3.0.x before 3.0.35, 3.1.x and 3.2.x before 3.2.13, and 3.3.x before 3.3.6, when dos filemode is enabled, allows remote attackers to modify access control lists for files via vectors related to read access to uninitialized memory. The Red Hat Security Response Team has rated this issue as having low security impact, a future samba package update may address this flaw in Red Hat Enterprise Linux 4 and 5. More information regarding issue severity can be found here: http://www.redhat.com/security/updates/classification/ This issue has been addressed in following products: Red Hat Enterprise Linux 4 Red Hat Enterprise Linux 5 Via RHSA-2009:1529 https://rhn.redhat.com/errata/RHSA-2009-1529.html This issue has been addressed in following products: Extras for Red Hat Enterprise Linux 5 Via RHSA-2009:1585 https://rhn.redhat.com/errata/RHSA-2009-1585.html |