Summary: | <net-fs/samba-3.0.35 Uninitialized read of a data value (CVE-2009-1888) | |
---|---|---|---|
Product: | Gentoo Security | Reporter: | Robert Buchholz (RETIRED) <rbu> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | |
Severity: | minor | CC: | samba |
Priority: | High | Keywords: | STABLEREQ |
Version: | unspecified | |
Hardware: | All | |
OS: | Linux | |
URL: | http://www.samba.org/samba/security/CVE-2009-1888.html | |
Whiteboard: | C4 [noglsa] | |
Package list: | | Runtime testing required: | --- |

Description
Robert Buchholz (RETIRED)
2009-06-24 00:10:28 UTC
CVE-2009-1888 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1888): The acl_group_override function in smbd/posix_acls.c in smbd in Samba 3.0.x before 3.0.35, 3.1.x and 3.2.x before 3.2.13, and 3.3.x before 3.3.6, when dos filemode is enabled, allows remote attackers to modify access control lists for files via vectors related to read access to uninitialized memory.

+ 25 Jun 2009; Patrick Lauer <patrick@gentoo.org> +samba-3.0.35.ebuild: + Bump to 3.0.35. Fixes #275236.

ping to @security to stabilize > net-fs/samba-3.0.35

Arches, please test and mark stable: =net-fs/samba-3.0.36 Target keywords : "alpha amd64 arm hppa ia64 ppc ppc64 s390 sh sparc x86"

Stable for HPPA.

x86 stable

alpha/arm/ia64/s390/sh/sparc stable

amd64 stable

ppc64 done

ppc stable

Adjusting to C4, as "dos filemode = no" is the default & closing NOGLSA.

...and closing NOGLSA. ;)
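
The exposure condition in the CVE text above (an affected Samba version combined with `dos filemode` being enabled) can be checked on a host. This is an added example, not part of the original bug report or of Samba or Gentoo; the function names and the sample smb.conf are constructed, and treating every 3.1.x release as affected is an assumption, since the text names no fixed 3.1 release.

```python
import re

# Fixed release per branch, from the CVE text in this report. No fixed 3.1.x
# release is named there, so 3.1.x is treated as always affected (assumption).
FIXED_PATCH = {(3, 0): 35, (3, 2): 13, (3, 3): 6}
TRUE_VALUES = {"yes", "true", "on", "1"}  # smb.conf boolean spellings

def version_affected(version):
    """True if the Samba version is in the ranges listed for CVE-2009-1888."""
    m = re.match(r"(\d+)\.(\d+)\.(\d+)", version)
    if not m:
        raise ValueError("unrecognised version: %r" % version)
    major, minor, patch = (int(g) for g in m.groups())
    if (major, minor) == (3, 1):
        return True
    fixed = FIXED_PATCH.get((major, minor))
    return fixed is not None and patch < fixed

def dos_filemode_sections(conf_text):
    """Sections of an smb.conf that explicitly turn 'dos filemode' on."""
    state, section = {}, "global"
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip()
            continue
        name, sep, value = line.partition("=")
        # Parameter names are matched without regard to case or whitespace.
        if sep and re.sub(r"\s+", "", name).lower() == "dosfilemode":
            state[section] = value.strip().lower() in TRUE_VALUES  # last wins
    return [s for s, on in state.items() if on]

def exposed(version, conf_text):
    """Affected version AND the non-default 'dos filemode' enabled somewhere."""
    return version_affected(version) and bool(dos_filemode_sections(conf_text))

# Constructed sample configuration (not from the bug report).
SAMPLE_CONF = """
[global]
   workgroup = EXAMPLE
[projects]
   path = /srv/projects
   DOS FileMode = Yes
[public]
   dos filemode = no
"""
```

On a real host, passing the output of `testparm -s` instead of the raw file resolves `include` lines before the check runs.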