Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2013-0172

Overview

Vulnerability Score 3.5 3.5
CVE Id CVE-2013-0172
Last Modified 18 Jan 2013 12:00:00
Published 17 Jan 2013 04:55:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication SINGLE_INSTANCE

CVE-2013-0172

Summary

Samba 4.0.x before 4.0.1, in certain Active Directory domain-controller configurations, does not properly interpret Access Control Entries that are based on an objectClass, which allows remote authenticated users to bypass intended restrictions on modifying LDAP directory objects by leveraging (1) objectClass access by a user, (2) objectClass access by a group, or (3) write access to an attribute.

Vulnerable Systems

Application

  • Samba 4.0.0


References

CONFIRM - http://www.samba.org/samba/security/CVE-2013-0172


Last Updated: 27 May 2016 10:44:50