Summary: | <net-fs/samba-3.2.13: smbclient format string vulnerability (CVE-2009-1886)
---|---
Product: | Gentoo Security
Reporter: | Alex Legler (RETIRED) <a3li>
Component: | Vulnerabilities
Assignee: | Gentoo Security <security>
Status: | RESOLVED FIXED
Severity: | trivial
CC: | samba
Priority: | High
Version: | unspecified
Hardware: | All
OS: | Linux
URL: | http://www.samba.org/samba/security/CVE-2009-1886.html
Whiteboard: | ~1 [noglsa]
Runtime testing required: | ---

Description
Alex Legler (RETIRED)
2009-06-18 11:40:46 UTC
Created attachment 195066
Backported patch from the 3.3.* series
3.2.13, containing this patch, is to be released on the 23rd.
CVE-2009-1886 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1886): Multiple format string vulnerabilities in client/client.c in smbclient in Samba 3.2.0 through 3.2.12 might allow context-dependent attackers to execute arbitrary code via format string specifiers in a filename.

*samba-3.2.13 (25 Jun 2009)

25 Jun 2009; Patrick Lauer <patrick@gentoo.org> +samba-3.2.13.ebuild:
Bump to 3.2.13

It's in the tree. Thanks, closing.
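
The bug class named in the CVE text above, as an added example that is not Samba's client/client.c code or the attached patch: a name passed as the format string, beside the constant-format form. `status_line`, `show_name_unsafe`, `show_name_safe` and `count_conversions` are hypothetical names, and the sample filename is constructed.

```c
#include <stdarg.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical printf-style helper, standing in for a client's output routine. */
static int status_line(char *out, size_t n, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int len = vsnprintf(out, n, fmt, ap);
    va_end(ap);
    return len;
}

/* BEFORE: the externally supplied name is the format string itself,
 * so any conversion specification inside it is interpreted. */
static int show_name_unsafe(char *out, size_t n, const char *filename)
{
    return status_line(out, n, filename);
}

/* AFTER: constant format string; the name is only ever data. */
static int show_name_safe(char *out, size_t n, const char *filename)
{
    return status_line(out, n, "%s", filename);
}

/* Count conversion specifications ("%%" excluded) in a name, e.g. to log
 * names that the unsafe form would have interpreted. */
static int count_conversions(const char *s)
{
    int count = 0;
    for (; *s; s++) {
        if (*s != '%')
            continue;
        if (s[1] == '%')
            s++;                 /* literal percent, consumes no argument */
        else if (s[1] != '\0')
            count++;
    }
    return count;
}

int main(void)
{
    char buf[64];
    const char *name = "100%%.txt"; /* constructed; "%%" needs no argument */
    show_name_unsafe(buf, sizeof buf, name); puts(buf); /* name was rewritten */
    show_name_safe(buf, sizeof buf, name);   puts(buf); /* name kept verbatim */
    return strcmp(buf, name) != 0;
}
```

Declaring a helper like `status_line` with `__attribute__((format(printf, 3, 4)))` lets GCC and Clang report the first call under `-Wformat-security`.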