Vulnerability Details CVE-2010-0728
smbd in Samba 3.3.11, 3.4.6, and 3.5.0, when libcap support is enabled, runs with the CAP_DAC_OVERRIDE capability, which allows remote authenticated users to bypass intended file permissions via standard filesystem operations with any client.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.021
EPSS Ranking 83.4%
CVSS Severity
CVSS v2 Score 8.5
References
- http://lists.samba.org/archive/samba-announce/2010/000211.html
- http://www.samba.org/samba/history/samba-3.3.12.html
- http://www.samba.org/samba/history/samba-3.4.7.html
- http://www.samba.org/samba/history/samba-3.5.1.html
- http://www.samba.org/samba/security/CVE-2010-0728
- https://bugzilla.samba.org/show_bug.cgi?id=7222
- http://lists.samba.org/archive/samba-announce/2010/000211.html
- http://www.samba.org/samba/history/samba-3.3.12.html
- http://www.samba.org/samba/history/samba-3.4.7.html
- http://www.samba.org/samba/history/samba-3.5.1.html
- http://www.samba.org/samba/security/CVE-2010-0728
- https://bugzilla.samba.org/show_bug.cgi?id=7222