CVE-2009-1886 : Multiple format string vulnerabilities in client/client.c in smbclient in Samba

Multiple format string vulnerabilities in client/client.c in smbclient in Samba 3.2.0 through 3.2.12 might allow context-dependent attackers to execute arbitrary code via format string specifiers in a filename.

Published 2009-06-25 01:30:02

Updated 2025-04-09 00:30:58

Source Red Hat, Inc.

View at NVD, CVE.org

Vulnerability category: Execute code

Products affected by CVE-2009-1886

Samba » Samba » Version: 3.2.0
cpe:2.3:a:samba:samba:3.2.0:*:*:*:*:*:*:*
Matching versions
Samba » Samba » Version: 3.2.1
cpe:2.3:a:samba:samba:3.2.1:*:*:*:*:*:*:*
Matching versions
Samba » Samba » Version: 3.2.4
cpe:2.3:a:samba:samba:3.2.4:*:*:*:*:*:*:*
Matching versions
Samba » Samba » Version: 3.2.2
cpe:2.3:a:samba:samba:3.2.2:*:*:*:*:*:*:*
Matching versions
Samba » Samba » Version: 3.2.3
cpe:2.3:a:samba:samba:3.2.3:*:*:*:*:*:*:*
Matching versions
Samba » Samba » Version: 3.2.6
cpe:2.3:a:samba:samba:3.2.6:*:*:*:*:*:*:*
Matching versions
Samba » Samba » Version: 3.2.5
cpe:2.3:a:samba:samba:3.2.5:*:*:*:*:*:*:*
Matching versions
Samba » Samba » Version: 3.2.12
cpe:2.3:a:samba:samba:3.2.12:*:*:*:*:*:*:*
Matching versions
Samba » Samba » Version: 3.2.8
cpe:2.3:a:samba:samba:3.2.8:*:*:*:*:*:*:*
Matching versions
Samba » Samba » Version: 3.2.9
cpe:2.3:a:samba:samba:3.2.9:*:*:*:*:*:*:*
Matching versions
Samba » Samba » Version: 3.2.7
cpe:2.3:a:samba:samba:3.2.7:*:*:*:*:*:*:*
Matching versions
Samba » Samba » Version: 3.2.11
cpe:2.3:a:samba:samba:3.2.11:*:*:*:*:*:*:*
Matching versions
Samba » Samba » Version: 3.2.10
cpe:2.3:a:samba:samba:3.2.10:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2009-1886

EPSS FAQ

24.81%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 96 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2009-1886

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
9.3	HIGH	AV:N/AC:M/Au:N/C:C/I:C/A:C	8.6	10.0	NIST
Access Vector: Network Access Complexity: Medium Authentication: None Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete

CWE ids for CVE-2009-1886

CWE-134 Use of Externally-Controlled Format String

The product uses a function that accepts a format string as an argument, but the format string originates from an external source.

Assigned by: nvd@nist.gov (Primary)

Vendor statements for CVE-2009-1886

Red Hat 2009-06-29

Not vulnerable. This issue did not affect the versions of samba as shipped with Red Hat Enterprise Linux 3, 4, or 5.

References for CVE-2009-1886

http://www.securityfocus.com/bid/35472

Patch

CVEs referencing this url
http://secunia.com/advisories/35606

About Secunia Research | Flexera

CVEs referencing this url
http://www.securitytracker.com/id?1022441

GoDaddy Domain Name Search
http://www.mandriva.com/security/advisories?name=MDVSA-2009:196

Mandriva

CVEs referencing this url
http://secunia.com/advisories/35573

About Secunia Research | Flexera

CVEs referencing this url
http://www.samba.org/samba/security/CVE-2009-1886.html

Samba - Security Announcement Archive
Patch;Vendor Advisory
http://www.vupen.com/english/advisories/2009/1664

Site en construction
Patch;Vendor Advisory

CVEs referencing this url
http://www.debian.org/security/2009/dsa-1823

[SECURITY] [DSA 1823-1] New samba packages fix several vulnerabilities

CVEs referencing this url
https://bugzilla.samba.org/show_bug.cgi?id=6478

6478 – smbclient interpolates % character in remote file name; CVE-2009-1886
http://secunia.com/advisories/35539

About Secunia Research | Flexera
Vendor Advisory

CVEs referencing this url
http://www.ubuntu.com/usn/USN-839-1

USN-839-1: Samba vulnerabilities | Ubuntu security notices | Ubuntu

CVEs referencing this url
https://exchange.xforce.ibmcloud.com/vulnerabilities/51328

Samba smbclient format string CVE-2009-1886 Vulnerability Report
http://www.slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.521591

The Slackware Linux Project: Slackware Security Advisories

CVEs referencing this url
http://www.samba.org/samba/ftp/patches/security/samba-3.2.12-CVE-2009-1886.patch

Patch;Vendor Advisory
http://secunia.com/advisories/36918

About Secunia Research | Flexera

CVEs referencing this url