CVE-2013-6442
Samba 4.0.x < 4.0.16 and 4.1.x < 4.1.6 - Unintended ACL Removal via smbcacls Owner Set
Title source: llmDescription
The owner_set function in smbcacls.c in smbcacls in Samba 4.0.x before 4.0.16 and 4.1.x before 4.1.6 removes an ACL during use of a --chown or --chgrp option, which allows remote attackers to bypass intended access restrictions in opportunistic circumstances by leveraging an unintended administrative change.
References (8)
Core 8
Core References
Various Sources x_refsource_confirm
http://www.samba.org/samba/history/samba-4.1.6.html
Various Sources x_refsource_confirm
http://www.samba.org/samba/security/CVE-2013-6442
Various Sources x_refsource_confirm
http://www.samba.org/samba/history/samba-4.0.16.html
Mailing List, Third Party Advisory vendor-advisory
x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136864.html
Mailing List, Third Party Advisory vendor-advisory
x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2014-June/134717.html
Mailing List vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-updates/2014-03/msg00062.html
Issue Tracking x_refsource_confirm
https://bugzilla.samba.org/show_bug.cgi?id=10327
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/66232
Scores
EPSS
0.0127
EPSS Percentile
79.8%
Details
CWE
CWE-264
Status
published
Products (22)
samba/samba
4.1.0
samba/samba
4.1.1
samba/samba
4.1.2
samba/samba
4.1.3
samba/samba
4.1.4
samba/samba
4.1.5
samba/samba
4.0.0
samba/samba
4.0.1
samba/samba
4.0.2
samba/samba
4.0.3
... and 12 more
Published
Mar 14, 2014
Tracked Since
Feb 18, 2026