PublicDateAtUSN: 2013-11-13
Candidate: CVE-2013-4475
PublicDate: 2013-11-13 15:55:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4475
 https://lists.samba.org/archive/samba-technical/2013-October/095725.html
 http://www.samba.org/samba/security/CVE-2013-4475
 https://ubuntu.com/security/notices/USN-2054-1
Description:
 Samba 3.2.x through 3.6.x before 3.6.20, 4.0.x before 4.0.11, and 4.1.x
 before 4.1.1, when vfs_streams_depot or vfs_streams_xattr is enabled,
 allows remote attackers to bypass intended file restrictions by
 leveraging ACL differences between a file and an associated alternate
 data stream (ADS).
Ubuntu-Description:
Notes:
 mdeslaur> per Upstream, Samba 3.2.0 and higher
 mdeslaur> not a default config
Bugs:
 https://bugzilla.redhat.com/show_bug.cgi?id=1024542
 https://bugzilla.samba.org/show_bug.cgi?id=10235 (private)
 https://bugzilla.samba.org/show_bug.cgi?id=10229
Priority: low
Discovered-by: Hemanth Thummala
Assigned-to: mdeslaur
CVSS:

Patches_samba4:
upstream_samba4: released (4.1.1,4.0.11)
lucid_samba4: ignored (reached end-of-life)
precise_samba4: ignored (reached end-of-life)
precise/esm_samba4: DNE (precise was needed)
quantal_samba4: ignored (reached end-of-life)
raring_samba4: ignored (reached end-of-life)
saucy_samba4: ignored (reached end-of-life)
trusty_samba4: DNE
trusty/esm_samba4: DNE
utopic_samba4: DNE
vivid_samba4: DNE
vivid/stable-phone-overlay_samba4: DNE
vivid/ubuntu-core_samba4: DNE
wily_samba4: DNE
xenial_samba4: DNE
yakkety_samba4: DNE
zesty_samba4: DNE
devel_samba4: DNE

Patches_samba:
upstream: http://git.samba.org/?p=samba.git;a=commit;h=14d48130870579541c07f5a0f64638e635ddce95 (3.6)
upstream_samba: released (3.6.20)
lucid_samba: released (2:3.4.7~dfsg-1ubuntu3.13)
precise_samba: released (2:3.6.3-2ubuntu2.9)
precise/esm_samba: released (2:3.6.3-2ubuntu2.9)
quantal_samba: released (2:3.6.6-3ubuntu5.3)
raring_samba: released (2:3.6.9-1ubuntu1.2)
saucy_samba: released (2:3.6.18-1ubuntu3.1)
trusty_samba: released (2:4.0.13+dfsg-1ubuntu1)
trusty/esm_samba: released (2:4.0.13+dfsg-1ubuntu1)
utopic_samba: released (2:4.0.13+dfsg-1ubuntu1)
vivid_samba: released (2:4.0.13+dfsg-1ubuntu1)
vivid/stable-phone-overlay_samba: DNE
vivid/ubuntu-core_samba: DNE
wily_samba: released (2:4.0.13+dfsg-1ubuntu1)
xenial_samba: released (2:4.0.13+dfsg-1ubuntu1)
esm-infra/xenial_samba: released (2:4.0.13+dfsg-1ubuntu1)
yakkety_samba: released (2:4.0.13+dfsg-1ubuntu1)
zesty_samba: released (2:4.0.13+dfsg-1ubuntu1)
devel_samba: released (2:4.0.13+dfsg-1ubuntu1)