Bug 20558

Summary: CVE-2009-1888: Uninitialized read of a data value
Product: Sisyphus Reporter: Vladimir Lettiev <crux>
Component: sambaAssignee: Evgeny Sinelnikov <sin>
Status: CLOSED FIXED QA Contact: qa-sisyphus
Severity: normal    
Priority: P3 CC: mike, sin
Version: unstableKeywords: security
Hardware: all   
OS: Linux   
URL: http://www.samba.org/samba/security/CVE-2009-1888.html

Description Vladimir Lettiev 2009-06-24 11:16:49 MSD
The smbd daemon in Samba 3.0.31 - 3.3.5 contains an
uninitialized read of a data value that can potentially
affect access control. If a user is trying to modify
an access control list (ACL) and is denied permission,
this deny may be overridden if the parameter "dos filemode"
is set to "yes" in the smb.conf and the user already has write
access to the file. The error occurs in checking that the
user has write access. Uninitialized memory is read instead
of the values in the 'stat' struct of the file.

Fixed in 3.0.35.
Comment 1 Vladimir Lettiev 2009-06-24 17:54:26 MSD
> On Wed, Jun 24, 2009 at 03:40:17PM +0300, Alexander Bokovoy wrote:
>> Это не критическая ошибка, ее нельзя использовать в настройках по умолчанию                                               
>> в наших дистрибутивах.


поставлю normal. почему-то для security related багов всегда тянет задрать уровень...
Comment 2 Michael Shigorin 2010-01-24 22:16:21 MSK
В сизифе 3.0.37.