CVE-2009-1886
HIGH severity · CVSS 9.3 · CWE-134
Summary
Multiple format string vulnerabilities in client/client.c in smbclient in Samba 3.2.0 through 3.2.12 might allow context-dependent attackers to execute arbitrary code via format string specifiers in a filename.
Impact & exploitability
Attack vector: Network
Attack complexity: -
Privileges required: -
User interaction: -
Confidentiality impact: -
Integrity impact: -
Availability impact: -
Exploit probability (EPSS): 12%
CVSS v2 vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Affected products we track (1)
Recommendation
Apply the vendor fix promptly. Open any affected product above for its exact safe version.
Official patch: http://www.samba.org/samba/ftp/patches/security/samba-3.2.12-CVE-2009-1886.patch
Additional information
- NVD record
- http://www.samba.org/samba/ftp/patches/security/samba-3.2.12-CVE-2009-1886.patch (Patch)
- http://www.samba.org/samba/security/CVE-2009-1886.html (Patch)
- http://secunia.com/advisories/35539 (Advisory)
- http://secunia.com/advisories/35573
- http://secunia.com/advisories/35606
- http://secunia.com/advisories/36918
- http://www.debian.org/security/2009/dsa-1823
- http://www.mandriva.com/security/advisories?name=MDVSA-2009:196