Samba 3.3.5 - Format String / Security Bypass

Author: Jeremy Allison
type: remote
platform: linux
port: 
date_added: 2009-05-19 
date_updated: 2014-04-27 
verified: 1 
codes: CVE-2009-1886;OSVDB-55412 
tags: 
aliases:  
screenshot_url:  
application_url: 

source: https://www.securityfocus.com/bid/35472/info

Samba is prone to multiple vulnerabilities.

Attackers can leverage these issues to execute arbitrary code within the context of the vulnerable application or to bypass certain security restrictions.

Samba 3.0.31 through 3.3.5 are affected.

The following proof of concept is available:

smb: \> put aa%3Fbb