CVE-2009-1886 (retired)

Priority
Description
Multiple format string vulnerabilities in client/client.c in smbclient in
Samba 3.2.0 through 3.2.12 might allow context-dependent attackers to
execute arbitrary code via format string specifiers in a filename.
Notes
 jdstrand> priority low as the vulnerability is reduced to denial of service
  due to compiler hardening
 jdstrand> does not affect 3.0 or 3.3
 mdeslaur> confirmed trapped by compiler hardening, although could
 mdeslaur> still be a DoS for tools that use smbclient in an automated
 mdeslaur> way, so marking as low priority
Package
Source: samba (LP Ubuntu Debian)
Upstream:released (3.2.13)
Patches:
Upstream:http://us3.samba.org/samba/ftp/patches/security/samba-3.2.12-CVE-2009-1886.patch
More Information

Updated: 2019-08-23 08:35:57 UTC (commit 436fd4ed4cf0038ddd382cb8649607ace163dda7)