CVE-2013-0172 — Samba vulnerability

CWE-2646 documents5 sources

Severity

3.5LOWNVD

EPSS

0.3%

top 48.33%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Samba Debian Samba

Timeline

PublishedJan 17

Latest updateMay 5

Description

Samba 4.0.x before 4.0.1, in certain Active Directory domain-controller configurations, does not properly interpret Access Control Entries that are based on an objectClass, which allows remote authenticated users to bypass intended restrictions on modifying LDAP directory objects by leveraging (1) objectClass access by a user, (2) objectClass access by a group, or (3) write access to an attribute.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 6.8 | Impact: 2.9

Affected Packages2 packages

▶NVDsamba/samba4.0.0

▶debiandebian/samba

🔴Vulnerability Details

GHSA

GHSA-pccc-3h39-28j7: Samba 4↗2022-05-05

▶

📋Vendor Advisories

Red Hat

samba4: may provide authenticated users with write access to LDAP directory objects when used as an AD DC↗2013-01-15

▶

Debian

CVE-2013-0172: samba - Samba 4.0.x before 4.0.1, in certain Active Directory domain-controller configur...↗2013

▶

💬Community

Bugzilla

CVE-2013-0172 samba4: may provide authenticated users with write access to LDAP directory objects when used as an AD DC↗2013-01-15

▶

Bugzilla

CVE-2013-0172 samba4: may provide authenticated users with write access to LDAP directory objects when used as an AD DC [fedora-all]↗2013-01-15

▶