CVE-2013-6442 — Samba vulnerability

CWE-2647 documents6 sources

Severity

5.8MEDIUMNVD

EPSS

1.3%

top 20.45%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Samba Debian Samba

Timeline

PublishedMar 14

Latest updateMay 17

Description

The owner_set function in smbcacls.c in smbcacls in Samba 4.0.x before 4.0.16 and 4.1.x before 4.1.6 removes an ACL during use of a --chown or --chgrp option, which allows remote attackers to bypass intended access restrictions in opportunistic circumstances by leveraging an unintended administrative change.

CVSS vector

AV:N/AC:M/C:P/I:P/A:NExploitability: 8.6 | Impact: 4.9

Affected Packages3 packages

▶debiandebian/samba< samba 2:4.1.6+dfsg-1 (bookworm)

▶Debiansamba/samba< 2:4.1.6+dfsg-1+3

▶NVDsamba/samba22 versions+21

🔴Vulnerability Details

GHSA

GHSA-qgqp-hrvv-cxc3: The owner_set function in smbcacls↗2022-05-17

▶

OSV

CVE-2013-6442: The owner_set function in smbcacls↗2014-03-14

▶

📋Vendor Advisories

Red Hat

samba: smbcacls will delete ACL lists in certain circumstances↗2014-03-12

▶

Debian

CVE-2013-6442: samba - The owner_set function in smbcacls.c in smbcacls in Samba 4.0.x before 4.0.16 an...↗2013

▶

💬Community

Bugzilla

CVE-2013-4496 CVE-2013-6442 samba: various flaws [fedora-all]↗2014-03-12

▶

Bugzilla

CVE-2013-6442 samba: smbcacls will delete ACL lists in certain circumstances↗2013-12-17

▶