CVE-2009-1888

N/A Unknown
Published: June 25, 2009 Modified: April 23, 2026
View on NVD

Description

The acl_group_override function in smbd/posix_acls.c in smbd in Samba 3.0.x before 3.0.35, 3.1.x and 3.2.x before 3.2.13, and 3.3.x before 3.3.6, when dos filemode is enabled, allows remote attackers to modify access control lists for files via vectors related to read access to uninitialized memory.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

Login to generate AI explanation

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory
http://secunia.com/advisories/35539
Source: secalert@redhat.com
Third Party Advisory
http://secunia.com/advisories/35573
Source: secalert@redhat.com
Third Party Advisory
http://secunia.com/advisories/35606
Source: secalert@redhat.com
Third Party Advisory
http://secunia.com/advisories/36918
Source: secalert@redhat.com
Third Party Advisory
http://wiki.rpath.com/Advisories:rPSA-2009-0145
Source: secalert@redhat.com
Third Party Advisory
http://www.debian.org/security/2009/dsa-1823
Source: secalert@redhat.com
Third Party Advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2009:196
Source: secalert@redhat.com
Third Party Advisory
http://www.samba.org/samba/ftp/patches/security/samba-3.0.34-CVE-2009-1888.patch
Source: secalert@redhat.com
Exploit Patch Vendor Advisory
http://www.samba.org/samba/ftp/patches/security/samba-3.2.12-CVE-2009-1888.patch
Source: secalert@redhat.com
Patch Vendor Advisory
http://www.samba.org/samba/ftp/patches/security/samba-3.3.5-CVE-2009-1888.patch
Source: secalert@redhat.com
Patch Vendor Advisory
http://www.samba.org/samba/security/CVE-2009-1888.html
Source: secalert@redhat.com
Patch Vendor Advisory
http://www.securityfocus.com/archive/1/507856/100/0/threaded
Source: secalert@redhat.com
Third Party Advisory VDB Entry
http://www.securityfocus.com/bid/35472
Source: secalert@redhat.com
Exploit Third Party Advisory VDB Entry
http://www.securitytracker.com/id?1022442
Source: secalert@redhat.com
Third Party Advisory VDB Entry
http://www.slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.521591
Source: secalert@redhat.com
Third Party Advisory
http://www.ubuntu.com/usn/USN-839-1
Source: secalert@redhat.com
Third Party Advisory
http://www.vupen.com/english/advisories/2009/1664
Source: secalert@redhat.com
Permissions Required Third Party Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/51327
Source: secalert@redhat.com
Third Party Advisory VDB Entry
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10790
Source: secalert@redhat.com
Third Party Advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7292
Source: secalert@redhat.com
Third Party Advisory
http://secunia.com/advisories/35539
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://secunia.com/advisories/35573
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://secunia.com/advisories/35606
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://secunia.com/advisories/36918
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://wiki.rpath.com/Advisories:rPSA-2009-0145
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://www.debian.org/security/2009/dsa-1823
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2009:196
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://www.samba.org/samba/ftp/patches/security/samba-3.0.34-CVE-2009-1888.patch
Source: af854a3a-2127-422b-91ae-364da2661108
Exploit Patch Vendor Advisory
http://www.samba.org/samba/ftp/patches/security/samba-3.2.12-CVE-2009-1888.patch
Source: af854a3a-2127-422b-91ae-364da2661108
Patch Vendor Advisory
http://www.samba.org/samba/ftp/patches/security/samba-3.3.5-CVE-2009-1888.patch
Source: af854a3a-2127-422b-91ae-364da2661108
Patch Vendor Advisory
http://www.samba.org/samba/security/CVE-2009-1888.html
Source: af854a3a-2127-422b-91ae-364da2661108
Patch Vendor Advisory
http://www.securityfocus.com/archive/1/507856/100/0/threaded
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory VDB Entry
http://www.securityfocus.com/bid/35472
Source: af854a3a-2127-422b-91ae-364da2661108
Exploit Third Party Advisory VDB Entry
http://www.securitytracker.com/id?1022442
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory VDB Entry
http://www.slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.521591
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://www.ubuntu.com/usn/USN-839-1
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://www.vupen.com/english/advisories/2009/1664
Source: af854a3a-2127-422b-91ae-364da2661108
Permissions Required Third Party Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/51327
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory VDB Entry
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10790
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7292
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory

40 reference(s) from NVD

Quick Stats

CVSS v3 Score
N/A / 10.0
EPSS (Exploit Probability)
5.4%
90th percentile
Exploitation Status
Not in CISA KEV

Weaknesses (CWE)

CWE-264

Affected Vendors

debian canonical samba

Related CVEs

CVE-2026-7041 3.7
CVE-2026-7039 7.8
CVE-2026-7038 3.3
CVE-2026-7037 9.8
CVE-2026-7036 7.3