CVE-2009-1886
Advisory lineage Upstream: 0 Downstream: 4
Modified
Published: 24 Jun 2009, 22:00
Last modified: 07 Aug 2024, 05:27
Vulnerability Summary
- Overall Risk (default): high, 70/100
- CVSS Score: 9.3 HIGH, v2.0 (nvd)
- EPSS Score: 24.81% HIGH
- KEV: Not listed
- Ransomware: No reports
- Public exploits: 1 found
- Dark Web: Not detected
Description
Multiple format string vulnerabilities in client/client.c in smbclient in Samba 3.2.0 through 3.2.12 might allow context-dependent attackers to execute arbitrary code via format string specifiers in a filename.
CVSS Metrics
- v2.0 • HIGH • Score: 9.3 • AV:N/AC:M/Au:N/C:C/I:C/A:C
EPSS Trends
Current EPSS score: 24.81% • Percentile: 96%
Techniques & Countermeasures
- CWE-134 • Use of Externally-Controlled Format String
The product uses a function that accepts a format string as an argument, but the format string originates from an external source.
Affected Systems
- samba • samba
3.2.0 | 3.2.1 | 3.2.2 | 3.2.3 | 3.2.4 | 3.2.5 | 3.2.6 | 3.2.7 | 3.2.8 | 3.2.9 | 3.2.10 | 3.2.11 | 3.2.12
References (15)
- http://www.vupen.com/english/advisories/2009/1664
- http://www.debian.org/security/2009/dsa-1823
- http://www.samba.org/samba/security/CVE-2009-1886.html
- http://secunia.com/advisories/35573
- http://secunia.com/advisories/35606
- http://www.slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.521591
- http://www.securityfocus.com/bid/35472
- http://www.ubuntu.com/usn/USN-839-1
- http://secunia.com/advisories/35539
- http://www.securitytracker.com/id?1022441
- https://bugzilla.samba.org/show_bug.cgi?id=6478
- http://secunia.com/advisories/36918
- http://www.samba.org/samba/ftp/patches/security/samba-3.2.12-CVE-2009-1886.patch
- http://www.mandriva.com/security/advisories?name=MDVSA-2009:196
- https://exchange.xforce.ibmcloud.com/vulnerabilities/51328