Samba Access Control Flaw Lets Remote Authenticated Users Gain Elevated Privileges
SecurityTracker Alert ID: 1023700
SecurityTracker URL: http://securitytracker.com/id/1023700
CVE Reference: CVE-2010-0728
Date: Mar 10 2010
Impact:
Disclosure of system information, Disclosure of user information, Modification of system information, Modification of user information
Fix Available: Yes
Vendor Confirmed: Yes
Version(s): 3.3.11, 3.4.6, 3.5.0
Description:
A vulnerability was reported in Samba. A remote authenticated user can access all files on the target shared directory.
The smbd process incorrectly inherits CAP_DAC_OVERRIDE capabilities. A remote authenticated user can gain full access to files on the target share.
Version 3.4.5 and prior 3.4.x versions and 3.3.10 and prior 3.3.x versions are not affected.
Andreas Matthus reported this vulnerability.
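An added check, not part of the SecurityTracker alert or Samba's own code: it reads the capability masks from /proc/<pid>/status and flags any smbd process that runs with a non-root effective uid while CAP_DAC_OVERRIDE is still in its effective set. The sample status text is constructed, and the function names (parse_status, sets_with_dac_override, bypasses_file_permissions, scan_smbd) are chosen here for illustration.

```python
import glob

CAP_DAC_OVERRIDE = 1  # capability number in <linux/capability.h>

# Constructed /proc/<pid>/status excerpt for a hypothetical smbd child that is
# serving a session as uid 1001 (Uid fields: real, effective, saved, fs).
SAMPLE_STATUS = (
    "Name:\tsmbd\n"
    "Pid:\t4242\n"
    "Uid:\t0\t1001\t0\t1001\n"
    "CapInh:\t0000000000000002\n"
    "CapPrm:\t0000000000000002\n"
    "CapEff:\t0000000000000002\n"
)

def parse_status(text):
    """Extract process name, pid, effective uid and capability masks."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            fields[key] = value.strip()
    caps = {k: int(fields[k], 16) for k in ("CapInh", "CapPrm", "CapEff") if k in fields}
    return {"name": fields.get("Name", ""), "pid": int(fields.get("Pid", 0)),
            "euid": int(fields["Uid"].split()[1]), "caps": caps}

def sets_with_dac_override(info):
    """Names of the capability sets in which the CAP_DAC_OVERRIDE bit is on."""
    bit = 1 << CAP_DAC_OVERRIDE
    return sorted(name for name, mask in info["caps"].items() if mask & bit)

def bypasses_file_permissions(info):
    """A non-root effective uid with CAP_DAC_OVERRIDE effective skips DAC checks."""
    return info["euid"] != 0 and "CapEff" in sets_with_dac_override(info)

def scan_smbd(proc_root="/proc"):
    """Return (pid, euid, sets) for each live smbd process that trips the check."""
    hits = []
    for path in glob.glob(proc_root + "/[0-9]*/status"):
        try:
            with open(path) as fh:
                info = parse_status(fh.read())
        except (OSError, KeyError, ValueError, IndexError):
            continue  # process exited or status unreadable
        if info["name"] == "smbd" and bypasses_file_permissions(info):
            hits.append((info["pid"], info["euid"], sets_with_dac_override(info)))
    return hits

if __name__ == "__main__":
    print(bypasses_file_permissions(parse_status(SAMPLE_STATUS)))
    print(scan_smbd())
```

An empty list from scan_smbd() on a host with active client sessions means no smbd process currently matches the condition; it does not replace upgrading to a fixed version.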
Impact:
A remote authenticated user can access all files on the target shared directory.
Solution:
The vendor has issued a fix (3.3.12, 3.4.7, 3.5.1). Patches are also available.
The vendor's advisory is available at:
http://us1.samba.org/samba/security/CVE-2010-0728.html
Vendor URL: us1.samba.org/samba/security/CVE-2010-0728.html
Cause:
Access control error
Underlying OS:
Linux (Any), UNIX (Any)
Message History:
None.
Source Message Contents
Date: Wed, 10 Mar 2010 05:18:35 +0000
Subject: Samba
http://us1.samba.org/samba/security/CVE-2010-0728.html
CVE-2010-0728