CVE-2010-0728 — Samba vulnerability

CWE-2645 documents5 sources

Severity

8.5HIGHNVD

EPSS

1.9%

top 16.56%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Samba Debian Samba

Timeline

PublishedMar 10

Latest updateMay 2

Description

smbd in Samba 3.3.11, 3.4.6, and 3.5.0, when libcap support is enabled, runs with the CAP_DAC_OVERRIDE capability, which allows remote authenticated users to bypass intended file permissions via standard filesystem operations with any client.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 6.8 | Impact: 10.0

Affected Packages3 packages

▶debiandebian/samba< samba 2:3.4.7~dfsg-1 (bookworm)

▶Debiansamba/samba< 2:3.4.7~dfsg-1+3

▶NVDsamba/samba3.3.11, 3.4.6, 3.5.0+2

🔴Vulnerability Details

GHSA

GHSA-76v2-q54h-r7wc: smbd in Samba 3↗2022-05-02

▶

OSV

CVE-2010-0728: smbd in Samba 3↗2010-03-10

▶

📋Vendor Advisories

Debian

CVE-2010-0728: samba - smbd in Samba 3.3.11, 3.4.6, and 3.5.0, when libcap support is enabled, runs wit...↗2010

▶

Red Hat

CVE-2010-0728: smbd in Samba 3↗

▶