CVE-2009-1886

Published: Jun 25, 2009Modified: Apr 23, 2026

9.3

Vector

AV:N/AC:M/Au:N/C:C/I:C/A:C

Exploitability: 8.6 / Impact: 10.0

Source: NVD

Description

Multiple format string vulnerabilities in client/client.c in smbclient in Samba 3.2.0 through 3.2.12 might allow context-dependent attackers to execute arbitrary code via format string specifiers in a filename.

Affected (13)

Products: Samba: Samba

1 product

Configuration A

13 vulnerable

Vulnerable Software	Affected Versions
Samba Samba	Version 3.2.0
Samba Samba	Version 3.2.10
Samba Samba	Version 3.2.11
Samba Samba	Version 3.2.12
Samba Samba	Version 3.2.1
Samba Samba	Version 3.2.2
Samba Samba	Version 3.2.3
Samba Samba	Version 3.2.4
Samba Samba	Version 3.2.5
Samba Samba	Version 3.2.6
Samba Samba	Version 3.2.7
Samba Samba	Version 3.2.8
Samba Samba	Version 3.2.9

Related CWEs

Use of Externally-Controlled Format String

The product uses a function that accepts a format string as an argument, but the format string originates from an external source.

References (30)

http://secunia.com/advisories/35539

Source: secalert@redhat.com

Vendor Advisory

http://secunia.com/advisories/35573

Source: secalert@redhat.com

http://secunia.com/advisories/35606

Source: secalert@redhat.com

http://secunia.com/advisories/36918

Source: secalert@redhat.com

http://www.debian.org/security/2009/dsa-1823

Source: secalert@redhat.com

http://www.mandriva.com/security/advisories?name=MDVSA-2009:196

Source: secalert@redhat.com

http://www.samba.org/samba/ftp/patches/security/samba-3.2.12-CVE-2009-1886.patch

Source: secalert@redhat.com

PatchVendor Advisory

http://www.samba.org/samba/security/CVE-2009-1886.html

Source: secalert@redhat.com

PatchVendor Advisory

http://www.securityfocus.com/bid/35472

Source: secalert@redhat.com

Patch

http://www.securitytracker.com/id?1022441

Source: secalert@redhat.com

http://www.slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.521591

Source: secalert@redhat.com

http://www.ubuntu.com/usn/USN-839-1

Source: secalert@redhat.com

http://www.vupen.com/english/advisories/2009/1664

Source: secalert@redhat.com

PatchVendor Advisory

https://bugzilla.samba.org/show_bug.cgi?id=6478

Source: secalert@redhat.com

https://exchange.xforce.ibmcloud.com/vulnerabilities/51328

Source: secalert@redhat.com

http://secunia.com/advisories/35539

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://secunia.com/advisories/35573

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/35606

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/36918

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.debian.org/security/2009/dsa-1823

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.mandriva.com/security/advisories?name=MDVSA-2009:196

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.samba.org/samba/ftp/patches/security/samba-3.2.12-CVE-2009-1886.patch

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

http://www.samba.org/samba/security/CVE-2009-1886.html

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

http://www.securityfocus.com/bid/35472

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

http://www.securitytracker.com/id?1022441

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.521591

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.ubuntu.com/usn/USN-839-1

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.vupen.com/english/advisories/2009/1664

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

https://bugzilla.samba.org/show_bug.cgi?id=6478

Source: af854a3a-2127-422b-91ae-364da2661108

https://exchange.xforce.ibmcloud.com/vulnerabilities/51328

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.