[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

248392

 
 

909

 
 

195452

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2013-4475Date: (C)2013-11-19   (M)2023-12-22


Samba 3.2.x through 3.6.x before 3.6.20, 4.0.x before 4.0.11, and 4.1.x before 4.1.1, when vfs_streams_depot or vfs_streams_xattr is enabled, allows remote attackers to bypass intended file restrictions by leveraging ACL differences between a file and an associated alternate data stream (ADS).

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 4.0
Exploit Score: 4.9
Impact Score: 4.9
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: HIGH
Authentication: NONE
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: NONE
  
Reference:
SECUNIA-56508
BID-63646
DSA-2812
FEDORA-2014-9132
GLSA-201502-15
RHSA-2013:1806
RHSA-2014:0009
SUSE-SU-2014:0024
USN-2054-1
http://www.samba.org/samba/history/samba-3.6.20.html
http://www.samba.org/samba/history/samba-4.0.11.html
http://www.samba.org/samba/history/samba-4.1.1.html
http://www.samba.org/samba/security/CVE-2013-4475
https://blogs.oracle.com/sunsecurity/entry/cve_2013_4475_access_control
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05115993
openSUSE-SU-2013:1742
openSUSE-SU-2013:1787
openSUSE-SU-2013:1790
openSUSE-SU-2013:1921

CPE    7
cpe:/a:samba:samba
cpe:/o:canonical:ubuntu_linux:13.04
cpe:/o:debian:debian_linux:6.0
cpe:/o:debian:debian_linux:7.0
...
CWE    1
CWE-264
OVAL    13
oval:org.secpod.oval:def:106072
oval:org.secpod.oval:def:501154
oval:org.secpod.oval:def:1500341
oval:org.secpod.oval:def:601164
...

© SecPod Technologies