CVSS2: 5.8 Medium
  Attack Vector: NETWORK
  Attack Complexity: MEDIUM
  Authentication: NONE
  Confidentiality Impact: PARTIAL
  Integrity Impact: PARTIAL
  Availability Impact: NONE
  Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N
EPSS: 0.007 Low (percentile 80.7%)
Samba versions 4.0.0 and above have a flaw in the smbcacls command. If
smbcacls is used with the "-C|--chown name" or "-G|--chgrp name"
command options it will remove the existing ACL on the object being
modified, leaving the file or directory unprotected.
Patches addressing this issue have been posted to:
http://www.samba.org/samba/security/
Samba versions 4.0.16 and 4.1.6 have been released to address this
issue.
Workaround: use server-based tools (chown) to modify owners on files and
directories.
This problem was found by an internal audit of the Samba code by Noel
Power of SuSE.
Patch provided by Jeremy Allison of the Samba team.
== Our Code, Our Bugs, Our Responsibility.
== The Samba Team
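The shell functions below are an added example, not code from the Samba advisory or the Samba project: they test a version number against the affected ranges stated above and list the ACL entries that disappeared between two captured smbcacls outputs. The function names, the sample output, and the choice to check only the 4.0 and 4.1 branches are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the advisory. Affected ranges are taken from the
# advisory text; treating branches other than 4.0 and 4.1 as unaffected
# is an assumption.

# Return 0 if a Samba version number such as "4.1.5" is in an affected range.
samba_affected() {
    ver=${1%%[!0-9.]*}              # drop suffixes such as "-Debian"
    old_ifs=$IFS; IFS=.
    set -- $ver                     # split into major minor patch
    IFS=$old_ifs
    major=${1:-0}; minor=${2:-0}; patch=${3:-0}
    [ "$major" -eq 4 ] || return 1
    case $minor in
        0) [ "$patch" -lt 16 ] ;;   # fixed in 4.0.16
        1) [ "$patch" -lt 6 ] ;;    # fixed in 4.1.6
        *) return 1 ;;
    esac
}

# Print the ACL: lines from captured smbcacls output.
acl_entries() {
    printf '%s\n' "$1" | sed -n '/^ACL:/p'
}

# Print every ACL entry present before an ownership change but absent after.
acl_lost() {
    after=$(acl_entries "$2")
    acl_entries "$1" | while IFS= read -r entry; do
        printf '%s\n' "$after" | grep -Fxq -- "$entry" || printf '%s\n' "$entry"
    done
}

# Constructed sample output in the format smbcacls prints (not real data).
sample_before='REVISION:1
CONTROL:SR|DP
OWNER:EXAMPLE\alice
GROUP:EXAMPLE\staff
ACL:EXAMPLE\alice:ALLOWED/0x0/FULL
ACL:EXAMPLE\staff:ALLOWED/0x0/READ'
sample_after='REVISION:1
CONTROL:SR
OWNER:EXAMPLE\bob
GROUP:EXAMPLE\staff'

if samba_affected "4.1.5"; then echo "4.1.5: affected, upgrade to 4.1.6"; fi
echo "ACL entries lost after the ownership change:"
acl_lost "$sample_before" "$sample_after"
```

In practice the two inputs to acl_lost would be smbcacls listings of the same object captured before and after an ownership change made from a client.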