20558 2009-06-24 11:16:49 +0400 CVE-2009-1888: Uninitialized read of a data value 2010-01-24 22:16:21 +0300 1 1 4 Development Sisyphus samba unstable all Linux CLOSED FIXED http://www.samba.org/samba/security/CVE-2009-1888.html security P3 normal --- 1 crux sin mike sin qa-sisyphus oldest_to_newest 93607 0 crux 2009-06-24 11:16:49 +0400 The smbd daemon in Samba 3.0.31 - 3.3.5 contains an uninitialized read of a data value that can potentially affect access control. If a user is trying to modify an access control list (ACL) and is denied permission, this deny may be overridden if the parameter "dos filemode" is set to "yes" in the smb.conf and the user already has write access to the file. The error occurs in checking that the user has write access. Uninitialized memory is read instead of the values in the 'stat' struct of the file. Fixed in 3.0.35. 93657 1 crux 2009-06-24 17:54:26 +0400 > On Wed, Jun 24, 2009 at 03:40:17PM +0300, Alexander Bokovoy wrote: >> Это не критическая ошибка, ее нельзя использовать в настройках по умолчанию >> в наших дистрибутивах. поставлю normal. почему-то для security related багов всегда тянет задрать уровень... 105896 2 mike 2010-01-24 22:16:21 +0300 В сизифе 3.0.37.