Samba 4.x < 4.0.4 AD DC File Permissions

Severity: Medium | Nessus Plugin ID 65631

Synopsis

The remote Samba server is affected by a permissions vulnerability.

Description

According to its banner, the version of Samba running on the remote host is 4.x prior to 4.0.4 and is, therefore, potentially affected by a file permissions vulnerability.

Files on Active Directory Domain Controllers (AD DC) may be created with world-writeable permissions when additional CIFS file shares are created on the AD DC.

Note that this issue does not affect the AD DC by default and thus does not affect files in the 'sysvol' and 'netlogon' shares. Further, installs configured as a standalone server, domain member, file server or classic domain controller, and installs built with '--without-ad-dc', are not affected. However, it does affect files on shares with simple Unix permissions.

Further note that Nessus has relied only on the self-reported version number and has not actually tried to exploit this issue or to determine whether the associated patch has been applied.

Solution

Either install the patch referenced in the project's advisory, or upgrade to 4.0.4 or later.

See Also

https://www.samba.org/samba/security/CVE-2013-1863.html

https://www.samba.org/samba/history/samba-4.0.4.html

http://www.nessus.org/u?f2fdc9db

Plugin Details

Severity: Medium

ID: 65631

File Name: samba_4_0_4.nasl

Version: 1.6

Type: remote

Family: Misc.

Published: 3/20/2013

Updated: 11/27/2019

Configuration: Enable paranoid mode

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.8

CVSS v2

Risk Factor: Medium

Base Score: 6

Temporal Score: 4.4

Vector: CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:P

CVSS Score Source: CVE-2013-1863

Vulnerability Information

CPE: cpe:/a:samba:samba

Required KB Items: SMB/NativeLanManager, SMB/samba, Settings/ParanoidReport

Exploit Ease: No known exploits are available

Patch Publication Date: 3/19/2013

Vulnerability Publication Date: 3/19/2013

Reference Information

CVE: CVE-2013-1863

BID: 58596