<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<title>Samba - Security Announcement Archive</title>
<H2>CVE-2013-6442.html:</H2>
===========================================================
== Subject: smbcacls will remove the ACL on a file
== or directory when changing owner or group
== CVE ID#: CVE-2013-6442
== Versions: All versions of Samba later than 4.0.0
== Summary: smbcacls can remove a file or directory
===========================================================

Samba versions 4.0.0 and above have a flaw in the smbcacls command. If
smbcacls is used with the "-C|--chown name" or "-G|--chgrp name"
command options it will remove the existing ACL on the object being
modified, leaving the file or directory unprotected.

Patches addressing this issue have been posted to:
http://www.samba.org/samba/security/

Samba versions 4.0.16 and 4.1.6 have been released to address this

Use server based tools (chown) to modify owners on files and

This problem was found by an internal audit of the Samba code by Noel

Patch provided by Jeremy Allison of the Samba team.

==========================================================
== Our Code, Our Bugs, Our Responsibility.
==========================================================
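
The following is an added example, not part of the Samba announcement or the Samba code: a shell function that classifies a version string against the ranges stated above (flaw present from 4.0.0, fixed in 4.0.16 and 4.1.6). The function name `cve_2013_6442_status` is hypothetical, and the input is assumed to look like the output of `smbcacls --version`, for example "Version 4.1.5".

```shell
#!/bin/sh
# Added example: classify a Samba version string against CVE-2013-6442.
# Ranges are taken from the advisory text: affected from 4.0.0, fixed in
# 4.0.16 (4.0 series) and 4.1.6 (4.1 series and later).
# Caveat: a distribution package may carry the patch under an older version
# number, so "affected" means the package changelog still needs checking.

cve_2013_6442_status() {
    # Keep the first dotted numeric triple; this drops a leading "Version "
    # and trailing suffixes such as "-Debian" or "rc1".
    ver=$(printf '%s\n' "$1" |
        sed -n 's/^[^0-9]*\([0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\).*/\1/p')
    if [ -z "$ver" ]; then
        echo unknown
        return 0
    fi
    major=${ver%%.*}
    rest=${ver#*.}
    minor=${rest%%.*}
    patch=${rest#*.}

    if [ "$major" -lt 4 ]; then
        echo not-affected   # the advisory covers 4.0.0 and above only
    elif [ "$major" -eq 4 ] && [ "$minor" -eq 0 ] && [ "$patch" -lt 16 ]; then
        echo affected       # 4.0.0 through 4.0.15
    elif [ "$major" -eq 4 ] && [ "$minor" -eq 1 ] && [ "$patch" -lt 6 ]; then
        echo affected       # 4.1.0 through 4.1.5
    else
        echo fixed          # 4.0.16, 4.1.6 or later
    fi
}

# Constructed sample inputs (not taken from real hosts).
for sample in "Version 4.0.15" "Version 4.1.6" "Version 3.6.23"; do
    printf '%s -> %s\n' "$sample" "$(cve_2013_6442_status "$sample")"
done
```

On a host where the result is "affected", owner and group changes belong on the server side with chown, as the workaround above states, until smbcacls is updated.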