// For flags

CVE-2010-0728

 

Severity Score

8.5
*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

smbd in Samba 3.3.11, 3.4.6, and 3.5.0, when libcap support is enabled, runs with the CAP_DAC_OVERRIDE capability, which allows remote authenticated users to bypass intended file permissions via standard filesystem operations with any client.

smbd en Samba v3.3.11, v3.4.6, y v3.5.0, cuando el soporte libcap está activado, se ejecuta con la capacidad CAP_DAC_OVERRIDE, lo que permite a usuarios autenticados remotamente superar los permisos establecidos de archivos establecidos a través de operaciones filesystem con cualquier cliente.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Medium
Authentication
Single
Confidentiality
Complete
Integrity
Complete
Availability
Complete
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2010-02-26 CVE Reserved
  • 2010-03-09 CVE Published
  • 2024-04-26 EPSS Updated
  • 2024-08-07 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-264: Permissions, Privileges, and Access Controls
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Samba
Search vendor "Samba"
 Samba
Search vendor "Samba" for product "Samba"
 3.3.11
Search vendor "Samba" for product "Samba" and version "3.3.11"
-
Affected
Samba
Search vendor "Samba"
 Samba
Search vendor "Samba" for product "Samba"
 3.4.6
Search vendor "Samba" for product "Samba" and version "3.4.6"
-
Affected
Samba
Search vendor "Samba"
 Samba
Search vendor "Samba" for product "Samba"
 3.5.0
Search vendor "Samba" for product "Samba" and version "3.5.0"
-
Affected