FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

samba -- ACLs are not checked on opening an alternate data stream on a file or directory

Affected packages
0 < samba34
0 < samba35
3.6.* < samba36 < 3.6.20
4.0.* < samba4 < 4.0.11
4.1.* < samba41 < 4.1.1


VuXML ID a4f08579-516c-11e3-9b62-000c292e4fd8
Discovery 2013-06-12
Entry 2013-11-19

The Samba project reports:

Samba versions 3.2.0 and above (all versions of 3.2.x, 3.3.x, 3.4.x, 3.5.x, 3.6.x, 4.0.x and 4.1.x) do not check the underlying file or directory ACL when opening an alternate data stream.

According to the SMB1 and SMB2+ protocols the ACL on an underlying file or directory should control what access is allowed to alternate data streams that are associated with the file or directory.


CVE Name CVE-2013-4475