CVE-2009-1886

Published: 25 June 2009

Multiple format string vulnerabilities in client/client.c in smbclient in Samba 3.2.0 through 3.2.12 might allow context-dependent attackers to execute arbitrary code via format string specifiers in a filename.

Notes

| Author | Note |
|---|---|
| jdstrand | priority low as the vulnerability is reduced to denial of service due to compiler hardening; does not affect 3.0 or 3.3 |
| mdeslaur | confirmed trapped by compiler hardening, although could still be a DoS for tools that use smbclient in an automated way, so marking as low priority |

Priority

Low

Status

| Package | Release | Status |
|---|---|---|
| samba | upstream | Released (3.2.13) |
| samba | dapper | Not vulnerable |
| samba | hardy | Not vulnerable |
| samba | intrepid | Released (2:3.2.3-1ubuntu3.6) |
| samba | jaunty | Not vulnerable |
Patches:
upstream: http://us3.samba.org/samba/ftp/patches/security/samba-3.2.12-CVE-2009-1886.patch