CVE-2013-4475

samba: no access check verification on stream files

Severity Score

7.5

*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

Samba 3.2.x through 3.6.x before 3.6.20, 4.0.x before 4.0.11, and 4.1.x before 4.1.1, when vfs_streams_depot or vfs_streams_xattr is enabled, allows remote attackers to bypass intended file restrictions by leveraging ACL differences between a file and an associated alternate data stream (ADS).

Samba 3.x anteriores a 3.6.20, 4.0.x anteriores a 4.0.11, y 4.1.x anteriores a 4.1.1, cuando vfs_streams_depot o vfs_streams_xattr está activo, permite a atacantes remotos sortear restricciones de fichero aprovechando diferencias en las ACL entre un fichero un "alternate data stream" (ADS) asociado.

Samba is an open-source implementation of the Server Message Block or Common Internet File System protocol, which allows PC-compatible machines to share files, printers, and other information. A heap-based buffer overflow flaw was found in the DCE-RPC client code in Samba. A specially crafted DCE-RPC packet could cause various Samba programs to crash or, possibly, execute arbitrary code when parsed. A malicious or compromised Active Directory Domain Controller could use this flaw to compromise the winbindd daemon running with root privileges.

*Credits: N/A

CVSS Scores

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

High

Availability

None

Attack Vector

Network

Attack Complexity

High

Authentication

None

Confidentiality

Partial

Integrity

Partial

Availability

None

Attack Vector

Adjacent

Attack Complexity

Low

Authentication

Single

Confidentiality

Partial

Integrity

Partial

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2013-06-12 CVE Reserved
2013-11-13 CVE Published
2024-08-06 CVE Updated
2025-03-30 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-264: Permissions, Privileges, and Access Controls

CAPEC

References (21)

URL	Tag	Source
http://secunia.com/advisories/56508	Third Party Advisory
http://www.securityfocus.com/bid/63646	Third Party Advisory
https://blogs.oracle.com/sunsecurity/entry/cve_2013_4475_access_control	Third Party Advisory
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05115993	Third Party Advisory

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136864.html	2022-09-01
http://lists.opensuse.org/opensuse-security-announce/2014-01/msg00002.html	2022-09-01
http://lists.opensuse.org/opensuse-updates/2013-11/msg00083.html	2022-09-01
http://lists.opensuse.org/opensuse-updates/2013-11/msg00115.html	2022-09-01
http://lists.opensuse.org/opensuse-updates/2013-11/msg00117.html	2022-09-01
http://lists.opensuse.org/opensuse-updates/2013-12/msg00088.html	2022-09-01
http://rhn.redhat.com/errata/RHSA-2013-1806.html	2022-09-01
http://rhn.redhat.com/errata/RHSA-2014-0009.html	2022-09-01
http://security.gentoo.org/glsa/glsa-201502-15.xml	2022-09-01
http://www.debian.org/security/2013/dsa-2812	2022-09-01
http://www.samba.org/samba/history/samba-3.6.20.html	2022-09-01
http://www.samba.org/samba/history/samba-4.0.11.html	2022-09-01
http://www.samba.org/samba/history/samba-4.1.1.html	2022-09-01
http://www.samba.org/samba/security/CVE-2013-4475	2022-09-01
http://www.ubuntu.com/usn/USN-2054-1	2022-09-01
https://access.redhat.com/security/cve/CVE-2013-4475	2014-01-06
https://bugzilla.redhat.com/show_bug.cgi?id=1024542	2014-01-06

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Samba Search vendor "Samba"		Samba Search vendor "Samba" for product "Samba"				>= 3.2.0 < 3.6.20 Search vendor "Samba" for product "Samba" and version " >= 3.2.0 < 3.6.20"		-		Affected
Samba Search vendor "Samba"		Samba Search vendor "Samba" for product "Samba"				>= 4.0.0 < 4.0.11 Search vendor "Samba" for product "Samba" and version " >= 4.0.0 < 4.0.11"		-		Affected
Samba Search vendor "Samba"		Samba Search vendor "Samba" for product "Samba"				4.1.0 Search vendor "Samba" for product "Samba" and version "4.1.0"		-		Affected
Debian Search vendor "Debian"		Debian Linux Search vendor "Debian" for product "Debian Linux"				6.0 Search vendor "Debian" for product "Debian Linux" and version "6.0"		-		Affected
Debian Search vendor "Debian"		Debian Linux Search vendor "Debian" for product "Debian Linux"				7.0 Search vendor "Debian" for product "Debian Linux" and version "7.0"		-		Affected
Canonical Search vendor "Canonical"		Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux"				10.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "10.04"		-		Affected
Canonical Search vendor "Canonical"		Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux"				12.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "12.04"		-		Affected
Canonical Search vendor "Canonical"		Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux"				12.10 Search vendor "Canonical" for product "Ubuntu Linux" and version "12.10"		-		Affected
Canonical Search vendor "Canonical"		Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux"				13.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "13.04"		-		Affected
Canonical Search vendor "Canonical"		Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux"				13.10 Search vendor "Canonical" for product "Ubuntu Linux" and version "13.10"		-		Affected