Vulnerability CVE-2013-6442: Information
Description
The owner_set function in smbcacls.c in smbcacls in Samba 4.0.x before 4.0.16 and 4.1.x before 4.1.6 removes an ACL during use of a --chown or --chgrp option, which allows remote attackers to bypass intended access restrictions in opportunistic circumstances by leveraging an unintended administrative change.
Severity: MEDIUM (5.8)
Fixed packages
Package name | Branch | Fixed in version | Version from repository | Errata ID | Task # | State |
|---|---|---|---|---|---|---|
| samba | sisyphus | 4.1.6-alt1 | 4.19.6-alt1 | ALT-PU-2014-1308-1 | 116540 | Fixed |
| samba | p10 | 4.1.6-alt1 | 4.19.6-alt1 | ALT-PU-2014-1308-1 | 116540 | Fixed |
| samba | p9 | 4.1.6-alt1 | 4.14.10-alt2 | ALT-PU-2014-1308-1 | 116540 | Fixed |
| samba | c10f1 | 4.1.6-alt1 | 4.16.11-alt2 | ALT-PU-2014-1308-1 | 116540 | Fixed |
| samba | c9f2 | 4.1.6-alt1 | 4.14.14-alt0.c9.1 | ALT-PU-2014-1308-1 | 116540 | Fixed |
| samba | c7 | 4.0.16-alt0.M70P.1 | 4.6.15-alt1.M70C.1 | ALT-PU-2014-1479-1 | 118317 | Fixed |