[Announce] Samba 3.0.35 Security Release Available for Download

Alexander forsmbg at googlemail.com
Mon Jun 29 04:51:42 MDT 2009

On Tue, Jun 23, 2009 at 6:41 PM, Karolin Seeger <kseeger at samba.org> wrote:

> Release Announcements
> =====================
> This is a security release in order to address CVE-2009-1888.
>   o CVE-2009-1888:
>     In Samba 3.0.31 to 3.3.5 (inclusive), an uninitialized read of a
>     data value can potentially affect access control when "dos filemode"
>     is set to "yes".

 Hello Samba team,

Just wanted to clarify - do I understand it correctly that pre-3.0.31
versions are not affected by this?
I believe yes and checking the source for that function in older releases
(looked at 3.0.20, 3.0.28 and 3.0.30) shows no "sbuf" structure allocation
that appeared in 3.0.31 and is initialized properly with a patch now, but
could you please confirm that?

(looks like my first message to samba-technical at lists.samba.org didn't get
through, apologize if that would be double-post)


More information about the samba-technical mailing list