CVSS2: 4 Medium

Metric | Value |
---|---|
Access Vector | NETWORK |
Access Complexity | HIGH |
Authentication | NONE |
Confidentiality Impact | PARTIAL |
Integrity Impact | PARTIAL |
Availability Impact | NONE |
Vector | AV:N/AC:H/Au:N/C:P/I:P/A:N |

EPSS: 0.005 Low (Percentile: 75.8%)

Samba 3.2.x through 3.6.x before 3.6.20, 4.0.x before 4.0.11, and 4.1.x
before 4.1.1, when vfs_streams_depot or vfs_streams_xattr is enabled,
allows remote attackers to bypass intended file restrictions by leveraging
ACL differences between a file and an associated alternate data stream
(ADS).
Author | Note |
---|---|
mdeslaur | per Upstream, Samba 3.2.0 and higher not a default config |
OS | OS Version | Architecture | Package | Package Version | Filename |
---|---|---|---|---|---|
ubuntu | 10.04 | noarch | samba | < 2:3.4.7~dfsg-1ubuntu3.13 | UNKNOWN |
ubuntu | 12.04 | noarch | samba | < 2:3.6.3-2ubuntu2.9 | UNKNOWN |
ubuntu | 12.10 | noarch | samba | < 2:3.6.6-3ubuntu5.3 | UNKNOWN |
ubuntu | 13.04 | noarch | samba | < 2:3.6.9-1ubuntu1.2 | UNKNOWN |
ubuntu | 13.10 | noarch | samba | < 2:3.6.18-1ubuntu3.1 | UNKNOWN |
ubuntu | 14.04 | noarch | samba | < 2:4.0.13+dfsg-1ubuntu1 | UNKNOWN |
ubuntu | 14.10 | noarch | samba | < 2:4.0.13+dfsg-1ubuntu1 | UNKNOWN |
ubuntu | 15.04 | noarch | samba | < 2:4.0.13+dfsg-1ubuntu1 | UNKNOWN |
ubuntu | 15.10 | noarch | samba | < 2:4.0.13+dfsg-1ubuntu1 | UNKNOWN |
ubuntu | 16.04 | noarch | samba | < 2:4.0.13+dfsg-1ubuntu1 | UNKNOWN |
www.samba.org/samba/security/CVE-2013-4475
launchpad.net/bugs/cve/CVE-2013-4475
lists.samba.org/archive/samba-technical/2013-October/095725.html
nvd.nist.gov/vuln/detail/CVE-2013-4475
security-tracker.debian.org/tracker/CVE-2013-4475
ubuntu.com/security/notices/USN-2054-1
www.cve.org/CVERecord?id=CVE-2013-4475