NVD脆弱性詳細

CVE-2009-1888

概要	The acl_group_override function in smbd/posix_acls.c in smbd in Samba 3.0.x before 3.0.35, 3.1.x and 3.2.x before 3.2.13, and 3.3.x before 3.3.6, when dos filemode is enabled, allows remote attackers to modify access control lists for files via vectors related to read access to uninitialized memory.
概要	La función acl_group_override en smbd/posix_acls.c en smbd en Samba v3.0.x anterior a v3.0.35, v3.1.x y v3.2.x anterior a v3.2.13, y v3.3.x anterior 3.3.6, cuando el modo de fichero dos está habilitado, permite a atacantes remotos modificar la lista de control de acceso para ficheros a través de vectores relacionados con acceso de lectura a memoria sin inicializar.
公表日	2009年6月25日10:30
登録日	2021年1月29日13:18
最終更新日	2026年4月23日9:35

CVSS2.0 : MEDIUM
スコア	5.8
ベクター	AV:N/AC:M/Au:N/C:P/I:P/A:N
攻撃元区分(AV)	ネットワーク
攻撃条件の複雑さ(AC)	中
攻撃前の認証要否(Au)	不要
機密性への影響(C)	低
完全性への影響(I)	低
可用性への影響(A)	なし
全ての特権を取得	いいえ
ユーザー権限を取得	いいえ
その他の権限を取得	いいえ
ユーザー操作が必要	いいえ

影響を受けるソフトウェアの構成

構成1	以上	以下	より上	未満
cpe:2.3:a:samba:samba::::::::	3.0.31	3.0.35
cpe:2.3:a:samba:samba::::::::	3.2.0			3.2.13
cpe:2.3:a:samba:samba::::::::	3.3.0			3.3.6
cpe:2.3:o:debian:debian_linux:4.0:::::::*
cpe:2.3:o:debian:debian_linux:5.0:::::::*
cpe:2.3:o:canonical:ubuntu_linux:6.06::::lts:::
cpe:2.3:o:canonical:ubuntu_linux:8.04::::lts:::
cpe:2.3:o:canonical:ubuntu_linux:8.10:::::::*
cpe:2.3:o:canonical:ubuntu_linux:9.04:::::::*

関連情報、対策とツール

No	URL	refsource
1	http://secunia.com/advisories/35539	secalert@redhat.com
2	http://secunia.com/advisories/35573	secalert@redhat.com
3	http://secunia.com/advisories/35606	secalert@redhat.com
4	http://secunia.com/advisories/36918	secalert@redhat.com
5	http://wiki.rpath.com/Advisories:rPSA-2009-0145	secalert@redhat.com
6	http://www.debian.org/security/2009/dsa-1823	secalert@redhat.com
7	http://www.mandriva.com/security/advisories?name=MDVSA-2009:196	secalert@redhat.com
8	http://www.samba.org/samba/ftp/patches/security/samba-3.0.34-CVE-2009-1888.patch	secalert@redhat.com
9	http://www.samba.org/samba/ftp/patches/security/samba-3.2.12-CVE-2009-1888.patch	secalert@redhat.com
10	http://www.samba.org/samba/ftp/patches/security/samba-3.3.5-CVE-2009-1888.patch	secalert@redhat.com
11	http://www.samba.org/samba/security/CVE-2009-1888.html	secalert@redhat.com
12	http://www.securityfocus.com/archive/1/507856/100/0/threaded	secalert@redhat.com
13	http://www.securityfocus.com/bid/35472	secalert@redhat.com
14	http://www.securitytracker.com/id?1022442	secalert@redhat.com
15	http://www.slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.521591	secalert@redhat.com
16	http://www.ubuntu.com/usn/USN-839-1	secalert@redhat.com
17	http://www.vupen.com/english/advisories/2009/1664	secalert@redhat.com
18	https://exchange.xforce.ibmcloud.com/vulnerabilities/51327	secalert@redhat.com
19	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10790	secalert@redhat.com
20	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7292	secalert@redhat.com
21	http://secunia.com/advisories/35539	af854a3a-2127-422b-91ae-364da2661108
22	http://secunia.com/advisories/35573	af854a3a-2127-422b-91ae-364da2661108
23	http://secunia.com/advisories/35606	af854a3a-2127-422b-91ae-364da2661108
24	http://secunia.com/advisories/36918	af854a3a-2127-422b-91ae-364da2661108
25	http://wiki.rpath.com/Advisories:rPSA-2009-0145	af854a3a-2127-422b-91ae-364da2661108
26	http://www.debian.org/security/2009/dsa-1823	af854a3a-2127-422b-91ae-364da2661108
27	http://www.mandriva.com/security/advisories?name=MDVSA-2009:196	af854a3a-2127-422b-91ae-364da2661108
28	http://www.samba.org/samba/ftp/patches/security/samba-3.0.34-CVE-2009-1888.patch	af854a3a-2127-422b-91ae-364da2661108
29	http://www.samba.org/samba/ftp/patches/security/samba-3.2.12-CVE-2009-1888.patch	af854a3a-2127-422b-91ae-364da2661108
30	http://www.samba.org/samba/ftp/patches/security/samba-3.3.5-CVE-2009-1888.patch	af854a3a-2127-422b-91ae-364da2661108
31	http://www.samba.org/samba/security/CVE-2009-1888.html	af854a3a-2127-422b-91ae-364da2661108
32	http://www.securityfocus.com/archive/1/507856/100/0/threaded	af854a3a-2127-422b-91ae-364da2661108
33	http://www.securityfocus.com/bid/35472	af854a3a-2127-422b-91ae-364da2661108
34	http://www.securitytracker.com/id?1022442	af854a3a-2127-422b-91ae-364da2661108
35	http://www.slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.521591	af854a3a-2127-422b-91ae-364da2661108
36	http://www.ubuntu.com/usn/USN-839-1	af854a3a-2127-422b-91ae-364da2661108
37	http://www.vupen.com/english/advisories/2009/1664	af854a3a-2127-422b-91ae-364da2661108
38	https://exchange.xforce.ibmcloud.com/vulnerabilities/51327	af854a3a-2127-422b-91ae-364da2661108
39	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10790	af854a3a-2127-422b-91ae-364da2661108
40	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7292	af854a3a-2127-422b-91ae-364da2661108

共通脆弱性一覧

No	CWE	名前	URL
1	CWE-264	認可・権限・アクセス制御	https://cwe.mitre.org/data/definitions/264.html