CVE-2010-0728
Published Mar 10, 2010
Last updated 15 years ago
Overview
- Description
- smbd in Samba 3.3.11, 3.4.6, and 3.5.0, when libcap support is enabled, runs with the CAP_DAC_OVERRIDE capability, which allows remote authenticated users to bypass intended file permissions via standard filesystem operations with any client.
- Source
- secalert@redhat.com
- NVD status
- Analyzed
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 8.5
- Impact score
- 10
- Exploitability score
- 6.8
- Vector string
- AV:N/AC:M/Au:S/C:C/I:C/A:C
Weaknesses
- nvd@nist.gov
- CWE-264
Vendor comments
- Red HatNot vulnerable. This issue did not affect the versions of the samba package, as shipped with Red Hat Enterprise Linux 3, 4, or 5. This issue did not affect the version of the samba3x package, as shipped with Red Hat Enterprise Linux 5.
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:samba:samba:3.3.11:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "254D9460-899D-4D06-AC47-1914A42FC09A"
},
{
"criteria": "cpe:2.3:a:samba:samba:3.4.6:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "9FC5E48D-95CC-46E9-9491-CA8A5FD9F14E"
},
{
"criteria": "cpe:2.3:a:samba:samba:3.5.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B5900E6E-4379-4321-B69D-F9FBD341ACEC"
}
],
"operator": "OR"
}
]
}
]