Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 5.8
CVE Id: CVE-2013-6442
Last Modified: 17 Jul 2014 01:01:57
Published: 14 Mar 2014 06:55:05
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: NONE
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE

CVE-2013-6442

Summary

The owner_set function in smbcacls.c in smbcacls in Samba 4.0.x before 4.0.16 and 4.1.x before 4.1.6 removes an ACL during use of a --chown or --chgrp option, which allows remote attackers to bypass intended access restrictions in opportunistic circumstances by leveraging an unintended administrative change.

Vulnerable Systems

Application

  • Samba 4.0.0

  • Samba 4.0.1

  • Samba 4.0.10

  • Samba 4.0.11

  • Samba 4.0.12

  • Samba 4.0.13

  • Samba 4.0.14

  • Samba 4.0.15

  • Samba 4.0.2

  • Samba 4.0.3

  • Samba 4.0.4

  • Samba 4.0.5

  • Samba 4.0.6

  • Samba 4.0.7

  • Samba 4.0.8

  • Samba 4.0.9

  • Samba 4.1.0

  • Samba 4.1.1

  • Samba 4.1.2

  • Samba 4.1.3

  • Samba 4.1.4

  • Samba 4.1.5


References

CONFIRM - https://bugzilla.samba.org/show_bug.cgi?id=10327

CONFIRM - http://www.samba.org/samba/security/CVE-2013-6442

CONFIRM - http://www.samba.org/samba/history/samba-4.1.6.html

CONFIRM - http://www.samba.org/samba/history/samba-4.0.16.html

SUSE - openSUSE-SU-2014:0404

BID - 66232


Last Updated: 27 May 2016 11:04:40