CVE-2013-6442

The owner_set function in smbcacls.c in smbcacls in Samba 4.0.x before 4.0.16 and 4.1.x before 4.1.6 removes an ACL during use of a --chown or --chgrp option, which allows remote attackers to bypass intended access restrictions in opportunistic circumstances by leveraging an unintended administrative change.

Published: Mar 14, 2014
Updated: Apr 13, 2023
CVE: CVE-2013-6442
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 5.8
AV:N/AC:M/Au:N/C:P/I:P/A:N

CWEs:

CWE-264

Affected Software
References

Software	From	Fixed in
samba / samba	4.1.5	4.1.5.x
samba / samba	4.1.4	4.1.4.x
samba / samba	4.1.0	4.1.0.x
samba / samba	4.1.2	4.1.2.x
samba / samba	4.1.3	4.1.3.x
samba / samba	4.1.1	4.1.1.x
samba / samba	4.0.14	4.0.14.x
samba / samba	4.0.2	4.0.2.x
samba / samba	4.0.11	4.0.11.x
samba / samba	4.0.3	4.0.3.x
samba / samba	4.0.13	4.0.13.x
samba / samba	4.0.6	4.0.6.x
samba / samba	4.0.10	4.0.10.x
samba / samba	4.0.7	4.0.7.x
samba / samba	4.0.1	4.0.1.x
samba / samba	4.0.8	4.0.8.x
samba / samba	4.0.0	4.0.0.x
samba / samba	4.0.5	4.0.5.x
samba / samba	4.0.12	4.0.12.x
samba / samba	4.0.4	4.0.4.x
samba / samba	4.0.15	4.0.15.x
samba / samba	4.0.9	4.0.9.x

Vulnerability Database

289,697

CVE-2013-6442