PT-2014-1430 · Samba+3
Noel Power · Published 2014-03-14 · Updated 2024-06-15 · CVE-2013-6442
CVSS v2.0: 8.3 (High)
Vector: AV:A/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
Samba versions 4.0.x through 4.0.15
Samba versions 4.1.x through 4.1.5
Description
The issue is in the owner set function in smbcacls.c, part of the smbcacls utility: the function removes an access control list when the --chown or --chgrp option is used. Remote attackers can bypass intended access restrictions by leveraging this unintended administrative change. The vulnerability can lead to a breach of the confidentiality, integrity, and availability of protected information.
Recommendations
For Samba versions 4.0.x through 4.0.15, update to version 4.0.16 or later.
For Samba versions 4.1.x through 4.1.5, update to version 4.1.6 or later.
As a temporary workaround, consider restricting the use of the --chown and --chgrp options in smbcacls until a patch is available.
Fix
RCE
Related Identifiers
Affected Products
ALT Linux
CentOS
Red Hat
Samba