Summary
The host has Samba installed and is prone to a security bypass vulnerability.
Impact
When 'dos filemode' is set to 'yes' in smb.conf, attackers can exploit this issue to bypass certain security restrictions and compromise a user's system.
Impact Level: System
Solution
Upgrade to Samba 3.3.6:
http://us3.samba.org/samba/
Note: This may be a false positive, as only the package version is checked.
Operating system vendors may have shipped Samba with backported fixes.
Insight
The flaw is due to an uninitialised memory access error in 'smbd' when denying attempts to modify a restricted access control list. This can be exploited to modify the ACL of an already writable file without the required permissions.
Affected
Samba 3.0.0 before 3.0.35 on Linux.
Samba 3.1.x on Linux.
Samba 3.2.4 before 3.2.13 on Linux.
Samba 3.3.0 before 3.3.6 on Linux.
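
Because the check above looks only at the package version, a finding can be triaged by combining the listed version ranges with the 'dos filemode' precondition from the Impact section. The following is an added example, not part of the scanner's own check; the function names and the sample configuration are constructed for illustration, and the parser assumes one parameter per line (no backslash continuations).

```python
import re

# Upstream ranges from the "Affected" list above: (first affected, first fixed).
AFFECTED = [((3, 0, 0), (3, 0, 35)), ((3, 1, 0), (3, 2, 0)),
            ((3, 2, 4), (3, 2, 13)), ((3, 3, 0), (3, 3, 6))]
TRUTHY = {"yes", "true", "on", "1"}  # boolean spellings smb.conf accepts

def version_listed(version):
    """True if an upstream version string falls in a listed affected range."""
    m = re.match(r"(\d+)\.(\d+)\.(\d+)", version)
    if not m:
        raise ValueError(f"unrecognised Samba version: {version!r}")
    v = tuple(map(int, m.groups()))
    return any(lo <= v < hi for lo, hi in AFFECTED)

def shares_with_dos_filemode(conf_text):
    """Names of shares where 'dos filemode' is effectively enabled."""
    section, explicit, order = "global", {}, []
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":          # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            if section not in order:
                order.append(section)
            continue
        key, sep, val = line.partition("=")
        # Parameter names ignore case and embedded whitespace.
        if sep and re.sub(r"\s+", "", key).lower() == "dosfilemode":
            explicit[section] = val.strip().lower() in TRUTHY
    default = explicit.get("global", False)      # built-in default is "no"
    return [s for s in order if s != "global" and explicit.get(s, default)]

def triage(version, conf_text):
    """Return (status, shares); vendor backports must still be checked by hand."""
    shares = shares_with_dos_filemode(conf_text)
    if not version_listed(version):
        return "version-not-listed", shares
    if shares:
        return "listed-version-precondition-present", shares
    return "listed-version-precondition-absent", shares

# Constructed sample configuration, not taken from a real host.
SAMPLE_CONF = """[global]
   workgroup = EXAMPLE
   ; dos filemode = yes
[projects]
   path = /srv/projects
   DOS FileMode = Yes
[public]
   path = /srv/public
"""
```

A "listed-version-precondition-present" result still needs the vendor's package changelog checked for a backported fix for CVE-2009-1888 before the host is treated as affected.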
References
Updated on 2015-03-25
Severity
Classification
CVE: CVE-2009-1888
CVSS Base Score: 5.8
CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N