CVE-2013-0172 — LOW (3.5) — White Hats Nepal

Vulnerability Description

Samba 4.0.x before 4.0.1, in certain Active Directory domain-controller configurations, does not properly interpret Access Control Entries that are based on an objectClass, which allows remote authenticated users to bypass intended restrictions on modifying LDAP directory objects by leveraging (1) objectClass access by a user, (2) objectClass access by a group, or (3) write access to an attribute.

CVSS Score

3.5

LOW

AV:N/AC:M/Au:S/C:N/I:P/A:N

Confidentiality

NONE

Integrity

PARTIAL

Availability

NONE

Affected Products

Vendor	Product	Versions
Samba	Samba	4.0.0

Related Weaknesses (CWE)

CWE-264

References

http://www.samba.org/samba/security/CVE-2013-0172Vendor Advisory
http://www.samba.org/samba/security/CVE-2013-0172Vendor Advisory

FAQ

What is CVE-2013-0172?

CVE-2013-0172 is a vulnerability with a CVSS score of 3.5 (LOW). Samba 4.0.x before 4.0.1, in certain Active Directory domain-controller configurations, does not properly interpret Access Control Entries that are based on an objectClass, which allows remote authent...

How severe is CVE-2013-0172?

CVE-2013-0172 has been rated LOW with a CVSS base score of 3.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2013-0172?

Check the references section above for vendor advisories and patch information. Affected products include: Samba Samba.