CVE-2013-6442 (retired)

Priority
Description
The owner_set function in smbcacls.c in smbcacls in Samba 4.0.x before
4.0.16 and 4.1.x before 4.1.6 removes an ACL during use of a --chown or
--chgrp option, which allows remote attackers to bypass intended access
restrictions in opportunistic circumstances by leveraging an unintended
administrative change.
Assigned-to
mdeslaur
Package
Source: samba
Upstream: released (4.0.16, 4.1.6)
Ubuntu 12.04 ESM (Precise Pangolin): not-affected
Ubuntu 16.04 LTS (Xenial Xerus): released (2:4.1.3+dfsg-2ubuntu4)
Patches:
Upstream: http://www.samba.org/samba/ftp/patches/security/samba-4.1.5-CVE-2013-4496-CVE-2013-6442.patch
Package
Upstream: released (4.0.16, 4.1.6)
Ubuntu 12.04 ESM (Precise Pangolin): DNE (precise was needed)
Ubuntu 16.04 LTS (Xenial Xerus): DNE
Patches:
Upstream: http://www.samba.org/samba/ftp/patches/security/samba-4.1.5-CVE-2013-4496-CVE-2013-6442.patch
Upstream: http://www.samba.org/samba/ftp/patches/security/samba-4.0.15-CVE-2013-4496-CVE-2013-6442.patch

Updated: 2019-09-19 15:46:30 UTC (commit d32ebc32606b9517c6fa7d65a15441e2a57a6de5)