Vulnerability details: VCID-bpap-5295-aaad
Vulnerability ID VCID-bpap-5295-aaad
Aliases CVE-2009-1888
Summary The acl_group_override function in smbd/posix_acls.c in smbd in Samba 3.0.x before 3.0.35, 3.1.x and 3.2.x before 3.2.13, and 3.3.x before 3.3.6, when dos filemode is enabled, allows remote attackers to modify access control lists for files via vectors related to read access to uninitialized memory.
Status Published
Exploitability 0.5
Weighted Severity 6.2
Risk 3.1
System Score Found at
rhas Moderate https://access.redhat.com/errata/RHSA-2009:1529
rhas Moderate https://access.redhat.com/errata/RHSA-2009:1585
epss 0.00239 https://api.first.org/data/v1/epss?cve=CVE-2009-1888
epss 0.03748 https://api.first.org/data/v1/epss?cve=CVE-2009-1888
epss 0.03972 https://api.first.org/data/v1/epss?cve=CVE-2009-1888
epss 0.04054 https://api.first.org/data/v1/epss?cve=CVE-2009-1888
epss 0.05003 https://api.first.org/data/v1/epss?cve=CVE-2009-1888
epss 0.07183 https://api.first.org/data/v1/epss?cve=CVE-2009-1888
epss 0.17952 https://api.first.org/data/v1/epss?cve=CVE-2009-1888
epss 0.19386 https://api.first.org/data/v1/epss?cve=CVE-2009-1888
rhbs low https://bugzilla.redhat.com/show_bug.cgi?id=506996
cvssv2 5.8 https://nvd.nist.gov/vuln/detail/CVE-2009-1888
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-1888.json
https://api.first.org/data/v1/epss?cve=CVE-2009-1888
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1888
http://secunia.com/advisories/35539
http://secunia.com/advisories/35573
http://secunia.com/advisories/35606
http://secunia.com/advisories/36918
https://exchange.xforce.ibmcloud.com/vulnerabilities/51327
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10790
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7292
http://wiki.rpath.com/Advisories:rPSA-2009-0145
http://www.debian.org/security/2009/dsa-1823
http://www.mandriva.com/security/advisories?name=MDVSA-2009:196
http://www.samba.org/samba/ftp/patches/security/samba-3.0.34-CVE-2009-1888.patch
http://www.samba.org/samba/ftp/patches/security/samba-3.2.12-CVE-2009-1888.patch
http://www.samba.org/samba/ftp/patches/security/samba-3.3.5-CVE-2009-1888.patch
http://www.samba.org/samba/security/CVE-2009-1888.html
http://www.securityfocus.com/archive/1/507856/100/0/threaded
http://www.securityfocus.com/bid/35472
http://www.securitytracker.com/id?1022442
http://www.slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.521591
http://www.ubuntu.com/usn/USN-839-1
http://www.vupen.com/english/advisories/2009/1664
506996 https://bugzilla.redhat.com/show_bug.cgi?id=506996
cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:lts:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:lts:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:8.10:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:8.10:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:9.04:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:9.04:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:*
CVE-2009-1888 https://nvd.nist.gov/vuln/detail/CVE-2009-1888
RHSA-2009:1529 https://access.redhat.com/errata/RHSA-2009:1529
RHSA-2009:1585 https://access.redhat.com/errata/RHSA-2009:1585
USN-839-1 https://usn.ubuntu.com/839-1/
No exploits are available.
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2009-1888
Access Vector (AV) network
Access Complexity (AC) medium
Authentication (Au) none
Confidentiality Impact (C) partial
Integrity Impact (I) partial
Availability Impact (A) none

Exploit Prediction Scoring System (EPSS)
Percentile 0.62363
EPSS Score 0.00239
Published At Nov. 1, 2024, midnight
Date Actor Action Source VulnerableCode Version
There are no relevant records.