CVE-2013-4475
Published: 13 November 2013
Samba 3.2.x through 3.6.x before 3.6.20, 4.0.x before 4.0.11, and 4.1.x before 4.1.1, when vfs_streams_depot or vfs_streams_xattr is enabled, allows remote attackers to bypass intended file restrictions by leveraging ACL differences between a file and an associated alternate data stream (ADS).
Notes
Author | Note |
---|---|
mdeslaur | per Upstream, Samba 3.2.0 and higher not a default config |
Priority
Status
Package | Release | Status |
---|---|---|
samba (Launchpad, Ubuntu, Debian) | lucid | Released (2:3.4.7~dfsg-1ubuntu3.13) |
samba | precise | Released (2:3.6.3-2ubuntu2.9) |
samba | quantal | Released (2:3.6.6-3ubuntu5.3) |
samba | raring | Released (2:3.6.9-1ubuntu1.2) |
samba | saucy | Released (2:3.6.18-1ubuntu3.1) |
samba | trusty | Released (2:4.0.13+dfsg-1ubuntu1) |
samba | upstream | Released (3.6.20) |
samba | utopic | Released (2:4.0.13+dfsg-1ubuntu1) |
samba | vivid | Released (2:4.0.13+dfsg-1ubuntu1) |
samba | wily | Released (2:4.0.13+dfsg-1ubuntu1) |
samba | xenial | Released (2:4.0.13+dfsg-1ubuntu1) |
samba | yakkety | Released (2:4.0.13+dfsg-1ubuntu1) |
samba | zesty | Released (2:4.0.13+dfsg-1ubuntu1) |

Patches: upstream: http://git.samba.org/?p=samba.git;a=commit;h=14d48130870579541c07f5a0f64638e635ddce95 (3.6)

Package | Release | Status |
---|---|---|
samba4 (Launchpad, Ubuntu, Debian) | lucid | Ignored (reached end-of-life) |
samba4 | precise | Does not exist (precise was needed) |
samba4 | quantal | Ignored (reached end-of-life) |
samba4 | raring | Ignored (reached end-of-life) |
samba4 | saucy | Ignored (reached end-of-life) |
samba4 | trusty | Does not exist |
samba4 | upstream | Released (4.1.1,4.0.11) |
samba4 | utopic | Does not exist |
samba4 | vivid | Does not exist |
samba4 | wily | Does not exist |
samba4 | xenial | Does not exist |
samba4 | yakkety | Does not exist |
samba4 | zesty | Does not exist |