CVE-2013-4475 — Samba vulnerability

CWE-2648 documents7 sources

Severity

4.0MEDIUMNVD

EPSS

6.9%

top 8.59%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Samba Debian Samba Canonical Ubuntu Linux +1 more

Timeline

PublishedNov 13

Latest updateMay 17

Description

Samba 3.2.x through 3.6.x before 3.6.20, 4.0.x before 4.0.11, and 4.1.x before 4.1.1, when vfs_streams_depot or vfs_streams_xattr is enabled, allows remote attackers to bypass intended file restrictions by leveraging ACL differences between a file and an associated alternate data stream (ADS).

CVSS vector

AV:N/AC:H/C:P/I:P/A:NExploitability: 4.9 | Impact: 4.9

Affected Packages3 packages

▶NVDsamba/samba3.2.0 — 3.6.20+2

▶debiandebian/samba< samba 2:4.0.11+dfsg-1 (bookworm)

▶Debiansamba/samba< 2:4.0.11+dfsg-1+3

Also affects: Debian Linux 6.0, 7.0, Ubuntu Linux 10.04, 12.04, 12.10, 13.04, 13.10

🔴Vulnerability Details

GHSA

GHSA-rhf5-jmh4-q5rv: Samba 3↗2022-05-17

▶

OSV

CVE-2013-4475: Samba 3↗2013-11-13

▶

📋Vendor Advisories

Ubuntu

Samba vulnerabilities↗2013-12-11

▶

Red Hat

samba: no access check verification on stream files↗2013-10-25

▶

Debian

CVE-2013-4475: samba - Samba 3.2.x through 3.6.x before 3.6.20, 4.0.x before 4.0.11, and 4.1.x before 4...↗2013

▶

💬Community

Bugzilla

CVE-2013-4475 samba: no access check verification on stream files↗2013-10-29

▶

Bugzilla

CVE-2013-4475 samba: no access check verification on stream files [fedora-all]↗2013-10-29

▶