Noel Power

Researcher from SuSE
#31037 of 53,633
8.3 Total CVSS
Vulnerabilities · 1
PT-2014-1430
8.3
2014-03-14
Samba · Samba · CVE-2013-6442
**Name of the Vulnerable Software and Affected Versions**

Samba versions 4.0.x through 4.0.15
Samba versions 4.1.x through 4.1.5

**Description**

The issue exists in the owner set function in smbcacls.c in smbcacls due to the removal of an access control list when using the --chown or --chgrp options. This allows remote attackers to bypass intended access restrictions by leveraging an unintended administrative change. The vulnerability can lead to a breach of confidentiality, integrity, and availability of protected information.

**Recommendations**

For Samba versions 4.0.x through 4.0.15, update to version 4.0.16 or later.
For Samba versions 4.1.x through 4.1.5, update to version 4.1.6 or later.
As a temporary workaround, consider restricting the use of the --chown and --chgrp options in smbcacls until a patch is available.