Executive Summary
Summary | |
---|---|
Title | Sun Alert 267628 Security Vulnerability in Samba (SAMBA(7)) May Allow Unauthorized Changes to Access Control Lists (ACL) |
Information | |||
---|---|---|---|
Name | SUN-267628 | First vendor Publication | 2009-09-24 |
Vendor | Sun | Last vendor Modification | 2009-09-29 |
Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
Impact SubScore | NA | Temporal Score | NA |
Exploitability Sub Score | NA | ||
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:N/C:P/I:P/A:N) | |||
---|---|---|---|
Cvss Base Score | 5.8 | Attack Range | Network |
Cvss Impact Score | 4.9 | Attack Complexity | Medium |
Cvss Exploit Score | 8.6 | Authentication | None Required |
Detail
Product: Solaris 9 Operating System, Solaris 10 Operating System, OpenSolaris

An access control security vulnerability in the Samba (samba(7)) smbd(8) server daemon may allow a remote unprivileged user with write access to a file on a Samba server to make unauthorized changes to the file's Access Control List (ACL).

Additional information on this issue can be found in the following document:

State: Resolved
First released: 24-Sep-2009
Original Source
Url : http://blogs.sun.com/security/entry/sun_alert_267628_security_vulnerability |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-264 | Permissions, Privileges, and Access Controls |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:10790 | |||
Oval ID: | oval:org.mitre.oval:def:10790 | ||
Title: | The acl_group_override function in smbd/posix_acls.c in smbd in Samba 3.0.x before 3.0.35, 3.1.x and 3.2.x before 3.2.13, and 3.3.x before 3.3.6, when dos filemode is enabled, allows remote attackers to modify access control lists for files via vectors related to read access to uninitialized memory. | ||
Description: | The acl_group_override function in smbd/posix_acls.c in smbd in Samba 3.0.x before 3.0.35, 3.1.x and 3.2.x before 3.2.13, and 3.3.x before 3.3.6, when dos filemode is enabled, allows remote attackers to modify access control lists for files via vectors related to read access to uninitialized memory. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2009-1888 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 4, CentOS Linux 4, Oracle Linux 4, Red Hat Enterprise Linux 5, CentOS Linux 5, Oracle Linux 5 | Product(s): | |
Definition Id: oval:org.mitre.oval:def:13438 | |||
Oval ID: | oval:org.mitre.oval:def:13438 | ||
Title: | DSA-1823-1 samba -- several | ||
Description: | Several vulnerabilities have been discovered in Samba, a SMB/CIFS file, print, and login server. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2009-1886: The smbclient utility contains a format string vulnerability where commands dealing with file names treat user input as format strings to asprintf. CVE-2009-1888: In the smbd daemon, if a user is trying to modify an access control list and is denied permission, this deny may be overridden if the parameter "dos filemode" is set to "yes" in the smb.conf and the user already has write access to the file. The old stable distribution is not affected by these problems. For the stable distribution, these problems have been fixed in version 2:3.2.5-4lenny6. The unstable distribution, which is only affected by CVE-2009-1888, will be fixed soon. We recommend that you upgrade your samba package. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1823-1, CVE-2009-1886, CVE-2009-1888 | Version: | 7 |
Platform(s): | Debian GNU/Linux 5.0 | Product(s): | samba |
Definition Id: oval:org.mitre.oval:def:7292 | |||
Oval ID: | oval:org.mitre.oval:def:7292 | ||
Title: | smbd access control list remote modification vulnerability | ||
Description: | The acl_group_override function in smbd/posix_acls.c in smbd in Samba 3.0.x before 3.0.35, 3.1.x and 3.2.x before 3.2.13, and 3.3.x before 3.3.6, when dos filemode is enabled, allows remote attackers to modify access control lists for files via vectors related to read access to uninitialized memory. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2009-1888 | Version: | 5 |
Platform(s): | VMWare ESX Server 4.0 | Product(s): | |
Definition Id: oval:org.mitre.oval:def:8114 | |||
Oval ID: | oval:org.mitre.oval:def:8114 | ||
Title: | DSA-1823 samba -- several vulnerabilities | ||
Description: | Several vulnerabilities have been discovered in Samba, a SMB/CIFS file, print, and login server. The Common Vulnerabilities and Exposures project identifies the following problems: The smbclient utility contains a format string vulnerability where commands dealing with file names treat user input as format strings to asprintf. In the smbd daemon, if a user is trying to modify an access control list (ACL) and is denied permission, this deny may be overridden if the parameter "dos filemode" is set to "yes" in the smb.conf and the user already has write access to the file. The old stable distribution (etch) is not affected by these problems. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1823, CVE-2009-1886, CVE-2009-1888 | Version: | 5 |
Platform(s): | Debian GNU/Linux 5.0 | Product(s): | samba |
CPE : Common Platform Enumeration
OpenVAS Exploits
Date | Description |
---|---|
2011-08-09 | Name : CentOS Update for samba CESA-2009:1529 centos4 i386 File : nvt/gb_CESA-2009_1529_samba_centos4_i386.nasl |
2011-08-09 | Name : CentOS Update for samba CESA-2009:1529 centos5 i386 File : nvt/gb_CESA-2009_1529_samba_centos5_i386.nasl |
2009-12-10 | Name : Mandriva Security Advisory MDVSA-2009:320 (samba) File : nvt/mdksa_2009_320.nasl |
2009-11-17 | Name : RedHat Security Advisory RHSA-2009:1585 File : nvt/RHSA_2009_1585.nasl |
2009-11-11 | Name : RedHat Security Advisory RHSA-2009:1529 File : nvt/RHSA_2009_1529.nasl |
2009-11-11 | Name : CentOS Security Advisory CESA-2009:1529 (samba) File : nvt/ovcesa2009_1529.nasl |
2009-10-13 | Name : SLES10: Security update for Samba File : nvt/sles10_cifs-mount1.nasl |
2009-10-11 | Name : SLES11: Security update for Samba File : nvt/sles11_cifs-mount.nasl |
2009-10-06 | Name : Ubuntu USN-839-1 (samba) File : nvt/ubuntu_839_1.nasl |
2009-08-17 | Name : Mandrake Security Advisory MDVSA-2009:196 (samba) File : nvt/mdksa_2009_196.nasl |
2009-07-29 | Name : SuSE Security Advisory SUSE-SA:2009:037 (dhcp-client) File : nvt/suse_sa_2009_037.nasl |
2009-06-30 | Name : Debian Security Advisory DSA 1823-1 (samba) File : nvt/deb_1823_1.nasl |
2009-06-30 | Name : Samba Format String Vulnerability File : nvt/secpod_samba_sec_bypass_vuln.nasl |
2009-06-30 | Name : Ubuntu USN-792-1 (openssl) File : nvt/ubuntu_792_1.nasl |
0000-00-00 | Name : Slackware Advisory SSA:2009-177-01 samba File : nvt/esoft_slk_ssa_2009_177_01.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
55411 | Samba smbd/posix_acls.c acl_group_override Function Remote Access Control Lis... |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2016-03-08 | Name : The remote VMware ESX host is missing a security-related patch. File : vmware_VMSA-2010-0006_remote.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2009-1529.nasl - Type : ACT_GATHER_INFO |
2013-01-24 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-1585.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20091027_samba_on_SL3_x.nasl - Type : ACT_GATHER_INFO |
2010-04-02 | Name : The remote VMware ESX host is missing one or more security-related patches. File : vmware_VMSA-2010-0006.nasl - Type : ACT_GATHER_INFO |
2009-12-07 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2009-320.nasl - Type : ACT_GATHER_INFO |
2009-10-28 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2009-1529.nasl - Type : ACT_GATHER_INFO |
2009-10-28 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-1529.nasl - Type : ACT_GATHER_INFO |
2009-10-02 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-839-1.nasl - Type : ACT_GATHER_INFO |
2009-09-24 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_cifs-mount-090629.nasl - Type : ACT_GATHER_INFO |
2009-09-24 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_cifs-mount-6343.nasl - Type : ACT_GATHER_INFO |
2009-08-10 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2009-196.nasl - Type : ACT_GATHER_INFO |
2009-07-21 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_cifs-mount-090624.nasl - Type : ACT_GATHER_INFO |
2009-07-21 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_cifs-mount-090624.nasl - Type : ACT_GATHER_INFO |
2009-06-30 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1823.nasl - Type : ACT_GATHER_INFO |
2009-06-28 | Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2009-177-01.nasl - Type : ACT_GATHER_INFO |
2009-06-24 | Name : The remote Samba server may be affected by a security bypass vulnerability. File : samba_acl_security_bypass.nasl - Type : ACT_GATHER_INFO |
2005-07-14 | Name : The remote host is missing Sun Security Patch number 119757-43 File : solaris10_119757.nasl - Type : ACT_GATHER_INFO |
2005-07-14 | Name : The remote host is missing Sun Security Patch number 119758-43 File : solaris10_x86_119758.nasl - Type : ACT_GATHER_INFO |
2004-07-12 | Name : The remote host is missing Sun Security Patch number 114684-17 File : solaris9_114684.nasl - Type : ACT_GATHER_INFO |
2004-07-12 | Name : The remote host is missing Sun Security Patch number 114685-17 File : solaris9_x86_114685.nasl - Type : ACT_GATHER_INFO |