Vulnerability details: VCID-53qs-88qc-aaaf
Vulnerability ID VCID-53qs-88qc-aaaf
Aliases CVE-2009-1886
Summary Multiple format string vulnerabilities in client/client.c in smbclient in Samba 3.2.0 through 3.2.12 might allow context-dependent attackers to execute arbitrary code via format string specifiers in a filename.
Status Published
Exploitability 2.0
Weighted Severity 8.4
Risk 10.0
System Score Found at
epss 0.01740 https://api.first.org/data/v1/epss?cve=CVE-2009-1886
epss 0.02486 https://api.first.org/data/v1/epss?cve=CVE-2009-1886
epss 0.1994 https://api.first.org/data/v1/epss?cve=CVE-2009-1886
epss 0.24809 https://api.first.org/data/v1/epss?cve=CVE-2009-1886
epss 0.30669 https://api.first.org/data/v1/epss?cve=CVE-2009-1886
rhbs low https://bugzilla.redhat.com/show_bug.cgi?id=508061
cvssv2 9.3 https://nvd.nist.gov/vuln/detail/CVE-2009-1886
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-1886.json
https://api.first.org/data/v1/epss?cve=CVE-2009-1886
https://bugzilla.samba.org/show_bug.cgi?id=6478
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1886
http://secunia.com/advisories/35539
http://secunia.com/advisories/35573
http://secunia.com/advisories/35606
http://secunia.com/advisories/36918
https://exchange.xforce.ibmcloud.com/vulnerabilities/51328
http://www.debian.org/security/2009/dsa-1823
http://www.mandriva.com/security/advisories?name=MDVSA-2009:196
http://www.samba.org/samba/ftp/patches/security/samba-3.2.12-CVE-2009-1886.patch
http://www.samba.org/samba/security/CVE-2009-1886.html
http://www.securityfocus.com/bid/35472
http://www.securitytracker.com/id?1022441
http://www.slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.521591
http://www.ubuntu.com/usn/USN-839-1
http://www.vupen.com/english/advisories/2009/1664
508061 https://bugzilla.redhat.com/show_bug.cgi?id=508061
cpe:2.3:a:samba:samba:3.2.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:samba:samba:3.2.0:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:3.2.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:samba:samba:3.2.1:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:3.2.10:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:samba:samba:3.2.10:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:3.2.11:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:samba:samba:3.2.11:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:3.2.12:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:samba:samba:3.2.12:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:3.2.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:samba:samba:3.2.2:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:3.2.3:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:samba:samba:3.2.3:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:3.2.4:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:samba:samba:3.2.4:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:3.2.5:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:samba:samba:3.2.5:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:3.2.6:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:samba:samba:3.2.6:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:3.2.7:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:samba:samba:3.2.7:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:3.2.8:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:samba:samba:3.2.8:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:3.2.9:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:samba:samba:3.2.9:*:*:*:*:*:*:*
CVE-2009-1886 https://nvd.nist.gov/vuln/detail/CVE-2009-1886
CVE-2009-1886;OSVDB-55412 Exploit https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/33053.txt
CVE-2009-1886;OSVDB-55412 Exploit https://www.securityfocus.com/bid/35472/info
USN-839-1 https://usn.ubuntu.com/839-1/
Data source Exploit-DB
Date added May 19, 2009
Description Samba 3.3.5 - Format String / Security Bypass
Ransomware campaign use Known
Source publication date May 19, 2009
Exploit type remote
Platform linux
Source update date April 27, 2014
Source URL https://www.securityfocus.com/bid/35472/info
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C Found at https://nvd.nist.gov/vuln/detail/CVE-2009-1886
Exploit Prediction Scoring System (EPSS)
Percentile 0.88291
EPSS Score 0.01740
Published At Nov. 1, 2024, midnight
Date Actor Action Source VulnerableCode Version
There are no relevant records.