Vulnerability Description
Samba 4.x before 4.0.4, when configured as an Active Directory domain controller, uses world-writable permissions on non-default CIFS shares, which allows remote authenticated users to read, modify, create, or delete arbitrary files via standard filesystem operations.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Samba | Samba | 4.0.0 |
Related Weaknesses (CWE)
References
- http://www.samba.org/samba/ftp/patches/security/samba-4.0.3-CVE-2013-1863.patchPatch
- http://www.samba.org/samba/security/CVE-2013-1863Vendor Advisory
- http://www.samba.org/samba/ftp/patches/security/samba-4.0.3-CVE-2013-1863.patchPatch
- http://www.samba.org/samba/security/CVE-2013-1863Vendor Advisory
FAQ
What is CVE-2013-1863?
CVE-2013-1863 is a vulnerability with a CVSS score of 6.0 (MEDIUM). Samba 4.x before 4.0.4, when configured as an Active Directory domain controller, uses world-writable permissions on non-default CIFS shares, which allows remote authenticated users to read, modify, c...
How severe is CVE-2013-1863?
CVE-2013-1863 has been rated MEDIUM with a CVSS base score of 6.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2013-1863?
Check the references section above for vendor advisories and patch information. Affected products include: Samba Samba.