9.3

CVE-2009-1886

Multiple format string vulnerabilities in client/client.c in smbclient in Samba 3.2.0 through 3.2.12 might allow context-dependent attackers to execute arbitrary code via format string specifiers in a filename.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
SambaSamba Version3.2.0
SambaSamba Version3.2.1
SambaSamba Version3.2.2
SambaSamba Version3.2.3
SambaSamba Version3.2.4
SambaSamba Version3.2.5
SambaSamba Version3.2.6
SambaSamba Version3.2.7
SambaSamba Version3.2.8
SambaSamba Version3.2.9
SambaSamba Version3.2.10
SambaSamba Version3.2.11
SambaSamba Version3.2.12
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 12.22% 0.956
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 9.3 8.6 10
AV:N/AC:M/Au:N/C:C/I:C/A:C
CWE-134 Use of Externally-Controlled Format String

The product uses a function that accepts a format string as an argument, but the format string originates from an external source.

http://secunia.com/advisories/35539
Vendor Advisory
http://secunia.com/advisories/35573
http://secunia.com/advisories/35606
http://secunia.com/advisories/36918
http://www.debian.org/security/2009/dsa-1823
http://www.mandriva.com/security/advisories?name=MDVSA-2009:196
http://www.samba.org/samba/ftp/patches/security/samba-3.2.12-CVE-2009-1886.patch
Patch
Vendor Advisory
http://www.samba.org/samba/security/CVE-2009-1886.html
Patch
Vendor Advisory
http://www.securityfocus.com/bid/35472
Patch
http://www.securitytracker.com/id?1022441
http://www.slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.521591
http://www.ubuntu.com/usn/USN-839-1
http://www.vupen.com/english/advisories/2009/1664
Patch
Vendor Advisory
https://bugzilla.samba.org/show_bug.cgi?id=6478
https://exchange.xforce.ibmcloud.com/vulnerabilities/51328