CVE-2009-1886
Published: 25 June 2009
Multiple format string vulnerabilities in client/client.c in smbclient in Samba 3.2.0 through 3.2.12 might allow context-dependent attackers to execute arbitrary code via format string specifiers in a filename.
Notes
Author | Note |
---|---|
jdstrand | priority low as the vulnerability is reduced to denial of service due to compiler hardening; does not affect 3.0 or 3.3 |
mdeslaur | confirmed trapped by compiler hardening, although could still be a DoS for tools that use smbclient in an automated way, so marking as low priority |
Priority
Status
Package | Release | Status |
---|---|---|
samba | dapper | Not vulnerable |
samba | hardy | Not vulnerable |
samba | intrepid | Released (2:3.2.3-1ubuntu3.6) |
samba | jaunty | Not vulnerable |
samba | upstream | Released (3.2.13) |

Patches: upstream: http://us3.samba.org/samba/ftp/patches/security/samba-3.2.12-CVE-2009-1886.patch