CVE-2013-4496 — Samba vulnerability

CWE-2558 documents7 sources

Severity

5.0MEDIUMNVD

EPSS

5.5%

top 9.71%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Samba Debian Samba Canonical Ubuntu Linux

Timeline

PublishedMar 14

Latest updateMay 17

Description

Samba 3.x before 3.6.23, 4.0.x before 4.0.16, and 4.1.x before 4.1.6 does not enforce the password-guessing protection mechanism for all interfaces, which makes it easier for remote attackers to obtain access via brute-force ChangePasswordUser2 (1) SAMR or (2) RAP attempts.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages3 packages

▶NVDsamba/samba3.4.0 — 3.6.23+2

▶debiandebian/samba< samba 2:4.1.6+dfsg-1 (bookworm)

▶Debiansamba/samba< 2:4.1.6+dfsg-1+3

Also affects: Ubuntu Linux 10.04, 12.04, 12.10, 13.10

🔴Vulnerability Details

GHSA

GHSA-jfh4-9458-8w9g: Samba 3↗2022-05-17

▶

OSV

CVE-2013-4496: Samba 3↗2014-03-14

▶

📋Vendor Advisories

Ubuntu

Samba vulnerability↗2014-03-26

▶

Red Hat

samba: Password lockout not enforced for SAMR password changes↗2014-03-12

▶

Debian

CVE-2013-4496: samba - Samba 3.x before 3.6.23, 4.0.x before 4.0.16, and 4.1.x before 4.1.6 does not en...↗2013

▶

💬Community

Bugzilla

CVE-2013-4496 CVE-2013-6442 samba: various flaws [fedora-all]↗2014-03-12

▶

Bugzilla

CVE-2013-4496 samba: Password lockout not enforced for SAMR password changes↗2014-03-05

▶