samba
Page content
- Author: kikadf
- Vulnerable: 3.6.9-4arcturus1
- Unaffected: 3.6.23-1arcturus1
Andrew Bartlett discovered that Samba did not properly enforce the password guessing protection mechanism for all interfaces. Samba have a flaw in the smbcacls command. If smbcacls is used with the “-C|–chown name” or “-G|–chgrp name” command options it will remove the existing ACL on the object being modified, leaving the file or directory unprotected.