CVE-2013-4475

 

Published at: - 13-11-2013 04:55

Last modified: - 01-09-2022 06:34

Total changes: - 2

Description

Samba 3.2.x through 3.6.x before 3.6.20, 4.0.x before 4.0.11, and 4.1.x before 4.1.1, when vfs_streams_depot or vfs_streams_xattr is enabled, allows remote attackers to bypass intended file restrictions by leveraging ACL differences between a file and an associated alternate data stream (ADS).

Common Vulnerability Scoring System (CVSS)

AV:N/AC:H/Au:N/C:P/I:P/A:N

 

Verification logic

 

Reference

• http://www.samba.org/samba/history/samba-4.0.11.html
• http://www.samba.org/samba/history/samba-4.1.1.html
• http://www.samba.org/samba/history/samba-3.6.20.html
• http://www.samba.org/samba/security/CVE-2013-4475
• openSUSE-SU-2013:1742-Mailing List, Third Party Advisory
• openSUSE-SU-2013:1787-Mailing List, Third Party Advisory
• openSUSE-SU-2013:1790-Mailing List, Third Party Advisory
• RHSA-2013:1806-Third Party Advisory
• DSA-2812-Third Party Advisory
• openSUSE-SU-2013:1921-Mailing List, Third Party Advisory
• USN-2054-1-Third Party Advisory
• RHSA-2014:0009-Third Party Advisory
• SUSE-SU-2014:0024-Mailing List, Third Party Advisory
• 56508-Third Party Advisory
• https://blogs.oracle.com/sunsecurity/entry/cve_2013_4475_access_control
• 63646-Third Party Advisory, VDB Entry
• GLSA-201502-15-Third Party Advisory
• https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05115993
• FEDORA-2014-9132-Mailing List, Third Party Advisory

 

Keywords

NVD

 

CVE-2013-4475

 

CVE

 

Common vulnerabilities & exposures

 

CVSS

 

Common vulnerability scoring system

 

Security

 

Vulnerabilities

 

Exposures