5.8 - CVE-2013-6442

Executive Summary

Informations
Name	CVE-2013-6442	First vendor Publication	2014-03-14
Vendor	Cve	Last vendor Modification	2024-11-21

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score	NA
Base Score	NA	Environmental Score	NA
impact SubScore	NA	Temporal Score	NA
Exploitabality Sub Score	NA

Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:P/I:P/A:N)
Cvss Base Score	5.8	Attack Range	Network
Cvss Impact Score	4.9	Attack Complexity	Medium
Cvss Expoit Score	8.6	Authentication	None Required
Calculate full CVSS 2.0 Vectors scores

Detail

The owner_set function in smbcacls.c in smbcacls in Samba 4.0.x before 4.0.16 and 4.1.x before 4.1.6 removes an ACL during use of a --chown or --chgrp option, which allows remote attackers to bypass intended access restrictions in opportunistic circumstances by leveraging an unintended administrative change.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6442

CWE : Common Weakness Enumeration

%	Id	Name
100 %	CWE-264	Permissions, Privileges, and Access Controls

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:24297

Oval ID:	oval:org.mitre.oval:def:24297
Title:	RHSA-2014:0383: samba4 security update (Moderate)
Description:	Samba is an open-source implementation of the Server Message Block (SMB) or Common Internet File System (CIFS) protocol, which allows PC-compatible machines to share files, printers, and other information. It was found that certain Samba configurations did not enforce the password lockout mechanism. A remote attacker could use this flaw to perform password guessing attacks on Samba user accounts. Note: this flaw only affected Samba when deployed as a Primary Domain Controller. (CVE-2013-4496) A flaw was found in Samba's "smbcacls" command, which is used to set or get ACLs on SMB file shares. Certain command line options of this command would incorrectly remove an ACL previously applied on a file or a directory, leaving the file or directory without the intended ACL. (CVE-2013-6442) A flaw was found in the way the pam_winbind module handled configurations that specified a non-existent group as required. An authenticated user could possibly use this flaw to gain access to a service using pam_winbind in its PAM configuration when group restriction was intended for access to the service. (CVE-2012-6150) Red Hat would like to thank the Samba project for reporting CVE-2013-4496 and CVE-2013-6442, and Sam Richardson for reporting CVE-2012-6150. Upstream acknowledges Andrew Bartlett as the original reporter of CVE-2013-4496, and Noel Power as the original reporter of CVE-2013-6442. All users of Samba are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing this update, the smb service will be restarted automatically.
Family:	unix	Class:	patch
Reference(s):	RHSA-2014:0383-00 CESA-2014:0383 CVE-2012-6150 CVE-2013-4496 CVE-2013-6442	Version:	3
Platform(s):	Red Hat Enterprise Linux 6 CentOS Linux 6	Product(s):	samba4
Definition Synopsis:
Redhat 6 or Centos 6 release The operating system installed on the system is Red Hat Enterprise Linux 6 AND The operating system installed on the system is CentOS Linux 6.x Packages section samba4-python is earlier than 0:4.0.0-61.el6_5.rc4 AND samba4-dc-libs is earlier than 0:4.0.0-61.el6_5.rc4 AND samba4-devel is earlier than 0:4.0.0-61.el6_5.rc4 AND samba4-winbind-krb5-locator is earlier than 0:4.0.0-61.el6_5.rc4 AND samba4-dc is earlier than 0:4.0.0-61.el6_5.rc4 AND samba4-pidl is earlier than 0:4.0.0-61.el6_5.rc4 AND samba4-winbind is earlier than 0:4.0.0-61.el6_5.rc4 AND samba4-test is earlier than 0:4.0.0-61.el6_5.rc4 AND samba4 is earlier than 0:4.0.0-61.el6_5.rc4 AND samba4-libs is earlier than 0:4.0.0-61.el6_5.rc4 AND samba4-swat is earlier than 0:4.0.0-61.el6_5.rc4 AND samba4-client is earlier than 0:4.0.0-61.el6_5.rc4 AND samba4-winbind-clients is earlier than 0:4.0.0-61.el6_5.rc4 AND samba4-common is earlier than 0:4.0.0-61.el6_5.rc4

Definition Id: oval:org.mitre.oval:def:24775

Oval ID:	oval:org.mitre.oval:def:24775
Title:	ELSA-2014:0383: samba4 security update (Moderate)
Description:	Samba is an open-source implementation of the Server Message Block (SMB) or Common Internet File System (CIFS) protocol, which allows PC-compatible machines to share files, printers, and other information. It was found that certain Samba configurations did not enforce the password lockout mechanism. A remote attacker could use this flaw to perform password guessing attacks on Samba user accounts. Note: this flaw only affected Samba when deployed as a Primary Domain Controller. (CVE-2013-4496) A flaw was found in Samba's "smbcacls" command, which is used to set or get ACLs on SMB file shares. Certain command line options of this command would incorrectly remove an ACL previously applied on a file or a directory, leaving the file or directory without the intended ACL. (CVE-2013-6442) A flaw was found in the way the pam_winbind module handled configurations that specified a non-existent group as required. An authenticated user could possibly use this flaw to gain access to a service using pam_winbind in its PAM configuration when group restriction was intended for access to the service. (CVE-2012-6150) Red Hat would like to thank the Samba project for reporting CVE-2013-4496 and CVE-2013-6442, and Sam Richardson for reporting CVE-2012-6150. Upstream acknowledges Andrew Bartlett as the original reporter of CVE-2013-4496, and Noel Power as the original reporter of CVE-2013-6442. All users of Samba are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing this update, the smb service will be restarted automatically.
Family:	unix	Class:	patch
Reference(s):	ELSA-2014:0383-00 CVE-2012-6150 CVE-2013-4496 CVE-2013-6442	Version:	5
Platform(s):	Oracle Linux 6	Product(s):	samba4
Definition Synopsis:
Oracle Linux 6.x rpm test samba4-python is earlier than 0:4.0.0-61.el6_5.rc4 AND samba4-dc-libs is earlier than 0:4.0.0-61.el6_5.rc4 AND samba4-devel is earlier than 0:4.0.0-61.el6_5.rc4 AND samba4-winbind-krb5-locator is earlier than 0:4.0.0-61.el6_5.rc4 AND samba4-dc is earlier than 0:4.0.0-61.el6_5.rc4 AND samba4-pidl is earlier than 0:4.0.0-61.el6_5.rc4 AND samba4-winbind is earlier than 0:4.0.0-61.el6_5.rc4 AND samba4-test is earlier than 0:4.0.0-61.el6_5.rc4 AND samba4 is earlier than 0:4.0.0-61.el6_5.rc4 AND samba4-libs is earlier than 0:4.0.0-61.el6_5.rc4 AND samba4-swat is earlier than 0:4.0.0-61.el6_5.rc4 AND samba4-client is earlier than 0:4.0.0-61.el6_5.rc4 AND samba4-winbind-clients is earlier than 0:4.0.0-61.el6_5.rc4 AND samba4-common is earlier than 0:4.0.0-61.el6_5.rc4

Definition Id: oval:org.mitre.oval:def:26077

Oval ID:	oval:org.mitre.oval:def:26077
Title:	DEPRECATED: ELSA-2014-0383 -- samba4 security update (Moderate)
Description:	Samba is an open-source implementation of the Server Message Block (SMB) or Common Internet File System (CIFS) protocol, which allows PC-compatible machines to share files, printers, and other information. It was found that certain Samba configurations did not enforce the password lockout mechanism. A remote attacker could use this flaw to perform password guessing attacks on Samba user accounts. Note: this flaw only affected Samba when deployed as a Primary Domain Controller. (CVE-2013-4496) A flaw was found in Samba's "smbcacls" command, which is used to set or get ACLs on SMB file shares. Certain command line options of this command would incorrectly remove an ACL previously applied on a file or a directory, leaving the file or directory without the intended ACL. (CVE-2013-6442) A flaw was found in the way the pam_winbind module handled configurations that specified a non-existent group as required. An authenticated user could possibly use this flaw to gain access to a service using pam_winbind in its PAM configuration when group restriction was intended for access to the service. (CVE-2012-6150) Red Hat would like to thank the Samba project for reporting CVE-2013-4496 and CVE-2013-6442, and Sam Richardson for reporting CVE-2012-6150. Upstream acknowledges Andrew Bartlett as the original reporter of CVE-2013-4496, and Noel Power as the original reporter of CVE-2013-6442. All users of Samba are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing this update, the smb service will be restarted automatically.
Family:	unix	Class:	patch
Reference(s):	ELSA-2014-0383 CVE-2012-6150 CVE-2013-4496 CVE-2013-6442	Version:	4
Platform(s):	Oracle Linux 6	Product(s):	samba4
Definition Synopsis:
Oracle Linux 6.x Packages match section samba4 RPM is earlier than 0:4.0.0-61.el6_5.rc4 AND samba4-client RPM is earlier than 0:4.0.0-61.el6_5.rc4 AND samba4-common RPM is earlier than 0:4.0.0-61.el6_5.rc4 AND samba4-dc RPM is earlier than 0:4.0.0-61.el6_5.rc4 AND samba4-dc-libs RPM is earlier than 0:4.0.0-61.el6_5.rc4 AND samba4-devel RPM is earlier than 0:4.0.0-61.el6_5.rc4 AND samba4-libs RPM is earlier than 0:4.0.0-61.el6_5.rc4 AND samba4-pidl RPM is earlier than 0:4.0.0-61.el6_5.rc4 AND samba4-python RPM is earlier than 0:4.0.0-61.el6_5.rc4 AND samba4-swat RPM is earlier than 0:4.0.0-61.el6_5.rc4 AND samba4-test RPM is earlier than 0:4.0.0-61.el6_5.rc4 AND samba4-winbind RPM is earlier than 0:4.0.0-61.el6_5.rc4 AND samba4-winbind-clients RPM is earlier than 0:4.0.0-61.el6_5.rc4 AND samba4-winbind-krb5-locator RPM is earlier than 0:4.0.0-61.el6_5.rc4

CPE : Common Platform Enumeration

Type	Description	Count
Application	Samba cpe:2.3:a:samba:samba:4.1.5:::::::* cpe:2.3:a:samba:samba:4.1.4:::::::* cpe:2.3:a:samba:samba:4.1.3:::::::* cpe:2.3:a:samba:samba:4.1.2:::::::* cpe:2.3:a:samba:samba:4.1.1:::::::* cpe:2.3:a:samba:samba:4.1.0:::::::* cpe:2.3:a:samba:samba:4.0.9:::::::* cpe:2.3:a:samba:samba:4.0.8:::::::* cpe:2.3:a:samba:samba:4.0.7:::::::* cpe:2.3:a:samba:samba:4.0.6:::::::* cpe:2.3:a:samba:samba:4.0.5:::::::* cpe:2.3:a:samba:samba:4.0.4:::::::* cpe:2.3:a:samba:samba:4.0.3:::::::* cpe:2.3:a:samba:samba:4.0.2:::::::* cpe:2.3:a:samba:samba:4.0.15:::::::* cpe:2.3:a:samba:samba:4.0.14:::::::* cpe:2.3:a:samba:samba:4.0.13:::::::* cpe:2.3:a:samba:samba:4.0.12:::::::* cpe:2.3:a:samba:samba:4.0.11:::::::* cpe:2.3:a:samba:samba:4.0.10:::::::* cpe:2.3:a:samba:samba:4.0.1:::::::* cpe:2.3:a:samba:samba:4.0.0:::::::*	22

Nessus® Vulnerability Scanner

Date	Description
2014-08-20	Name : The remote Fedora host is missing a security update. File : fedora_2014-9132.nasl - Type : ACT_GATHER_INFO
2014-06-26	Name : The remote Fedora host is missing a security update. File : fedora_2014-7672.nasl - Type : ACT_GATHER_INFO
2014-06-13	Name : The remote openSUSE host is missing a security update. File : openSUSE-2014-228.nasl - Type : ACT_GATHER_INFO
2014-04-11	Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2014-0383.nasl - Type : ACT_GATHER_INFO
2014-04-10	Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2014-0383.nasl - Type : ACT_GATHER_INFO
2014-04-10	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-0383.nasl - Type : ACT_GATHER_INFO
2014-04-10	Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20140409_samba4_on_SL6_x.nasl - Type : ACT_GATHER_INFO
2014-03-28	Name : The remote Fedora host is missing a security update. File : fedora_2014-3815.nasl - Type : ACT_GATHER_INFO
2014-03-18	Name : The remote Samba server is affected by multiple vulnerabilities. File : samba_4_1_6.nasl - Type : ACT_GATHER_INFO
2014-03-17	Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2014-072-01.nasl - Type : ACT_GATHER_INFO
2014-03-17	Name : The remote Fedora host is missing a security update. File : fedora_2014-3796.nasl - Type : ACT_GATHER_INFO
2014-03-12	Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_03e48bf5a96d11e3a5563c970e169bc2.nasl - Type : ACT_GATHER_INFO

Sources (Detail)

http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136864....
http://lists.fedoraproject.org/pipermail/package-announce/2014-June/134717.html
http://lists.opensuse.org/opensuse-updates/2014-03/msg00062.html
http://www.samba.org/samba/history/samba-4.0.16.html
http://www.samba.org/samba/history/samba-4.1.6.html
http://www.samba.org/samba/security/CVE-2013-6442
http://www.securityfocus.com/bid/66232
https://bugzilla.samba.org/show_bug.cgi?id=10327

Source	Url

Alert History

If you want to see full details history, please login or register.

Date	Informations
2024-11-28 12:37:36	Multiple Updates
2021-05-04 12:28:10	Multiple Updates
2021-04-22 01:33:58	Multiple Updates
2020-05-23 00:38:41	Multiple Updates
2017-01-11 13:25:28	Multiple Updates
2017-01-07 09:25:14	Multiple Updates
2016-04-26 23:46:55	Multiple Updates
2014-07-17 09:21:55	Multiple Updates
2014-06-14 13:36:32	Multiple Updates
2014-04-12 13:22:55	Multiple Updates
2014-04-11 13:22:02	Multiple Updates
2014-03-29 13:23:47	Multiple Updates
2014-03-26 13:22:56	Multiple Updates
2014-03-19 13:21:29	Multiple Updates
2014-03-18 13:23:08	First insertion

Global Informations

Type	Count
CWE ID(s)	1
Oval ID(s)	3
CPE ID(s)	22
Sources(s)	8
Nessus® Exploit(s)	12

	Related
5.8	RHSA-2014:0383
Info : listing not affected by your CVSS Env Score

Same Subject	Severity
Login to view 1 more Alert(s)

5.8 - CVE-2013-6442

Executive Summary

Security-Database Scoring CVSS v3

Security-Database Scoring CVSS v2

Detail

Original Source

CWE : Common Weakness Enumeration

OVAL Definitions

CPE : Common Platform Enumeration

Nessus® Vulnerability Scanner

Sources (Detail)

Alert History

Global Informations

Open Standards

Other Databases

COMPANY

STANDARDS

RECENT POSTS

MENU