Permissions, Privileges, and Access Controls in Samba - CVE-2013-0172

 


Published: January 17, 2013 / Updated: August 11, 2020


Vulnerability identifier: #VU43169
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2013-0172
CWE-ID: CWE-264
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: Samba
Affected software:
Samba

Detailed vulnerability description

The vulnerability allows a remote authenticated user to manipulate data.

Samba 4.0.x before 4.0.1, in certain Active Directory domain-controller configurations, does not properly interpret Access Control Entries that are based on an objectClass, which allows remote authenticated users to bypass intended restrictions on modifying LDAP directory objects by leveraging (1) objectClass access by a user, (2) objectClass access by a group, or (3) write access to an attribute.


How to mitigate CVE-2013-0172

Install the update from the vendor's website.
