CVE-2013-1863
Samba 4.x < 4.0.4 - Authenticated Arbitrary File Manipulation via Non-Default CIFS Shares
Samba 4.x before 4.0.4, when configured as an Active Directory domain controller, uses world-writable permissions on non-default CIFS shares, which allows remote authenticated users to read, modify, create, or delete arbitrary files via standard filesystem operations.
References (2)
Core References
Vendor Advisory (x_refsource_confirm): http://www.samba.org/samba/security/CVE-2013-1863
Patch (x_refsource_confirm): http://www.samba.org/samba/ftp/patches/security/samba-4.0.3-CVE-2013-1863.patch
Scores
EPSS: 0.0028
EPSS Percentile: 51.8%
Details
CWE: CWE-264
Status: published
Products (4):
samba/samba 4.0.0
samba/samba 4.0.1
samba/samba 4.0.2
samba/samba 4.0.3
Published: Mar 19, 2013
Tracked Since: Feb 18, 2026