Bug 20558 - CVE-2009-1888: Uninitialized read of a data value
Summary: CVE-2009-1888: Uninitialized read of a data value
Status: CLOSED FIXED
Alias: None
Product: Sisyphus
Classification: Development
Component: samba (show other bugs)
Version: unstable
Hardware: all Linux
: P3 normal
Assignee: Evgeny Sinelnikov
QA Contact: qa-sisyphus
URL: http://www.samba.org/samba/security/C...
Keywords: security
Depends on:
Blocks:
 
Reported: 2009-06-24 11:16 MSD by Vladimir Lettiev
Modified: 2010-01-24 22:16 MSK (History)
2 users (show)

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Vladimir Lettiev 2009-06-24 11:16:49 MSD 
The smbd daemon in Samba 3.0.31 - 3.3.5 contains an
uninitialized read of a data value that can potentially
affect access control. If a user is trying to modify
an access control list (ACL) and is denied permission,
this deny may be overridden if the parameter "dos filemode"
is set to "yes" in the smb.conf and the user already has write
access to the file. The error occurs in checking that the
user has write access. Uninitialized memory is read instead
of the values in the 'stat' struct of the file.

Fixed in 3.0.35.
Comment 1 Vladimir Lettiev 2009-06-24 17:54:26 MSD 
> On Wed, Jun 24, 2009 at 03:40:17PM +0300, Alexander Bokovoy wrote:
>> Это не критическая ошибка, ее нельзя использовать в настройках по умолчанию                                               
>> в наших дистрибутивах.


поставлю normal. почему-то для security related багов всегда тянет задрать уровень...
Comment 2 Michael Shigorin 2010-01-24 22:16:21 MSK 
В сизифе 3.0.37.