Red Hat Bugzilla – Bug 922008
CVE-2013-1863 samba4: Samba 4.0 AD DC files (initially) created as world-writable if additional CIFS file shares are created on the AD DC
Last modified: 2015-07-29 09:14:49 EDT
A security flaw was found in the way Samba, when run as Active Directory Domain Controller (AD DC), performed (initial) setting of file's / directory's creation mask for CIFS shares configured to use traditional Unix's user / group / other (UGO) permissions set model as the default ACL policy for setting access policy to file system objects. When Samba was built to act as AD DC, a valid Samba user could use this flaw to in an unauthorized way read or alter content of CIFS share, that used Unix's UGO model as the default ACL policy. Relevant upstream bug: [1] https://bugzilla.samba.org/show_bug.cgi?id=9709 (private) External References: http://www.samba.org/samba/security/CVE-2013-1863
samba4 packages in Red Hat Enterprise Linux 6 are complied with the "--without-ad-dc" flag and are therefore not affected by this vulnerability. Statement: Not Vulnerable. This issue does not affect the version of samba4 as shipped with Red Hat Enterprise Linux 6.
samba4 package in Fedora-17 is not complied with the "--without-ad-dc" flag and is therefore affected by this vulnerability. In Fedora-18, samba4 package is called "samba" and is not affected by this flaw.
Relevant upstream patch: http://www.samba.org/samba/ftp/patches/security/samba-4.0.3-CVE-2013-1863.patch
Samba 4.0.4 announcement: https://lists.samba.org/archive/samba-announce/2013/000290.html Other reference: http://www.samba.org/samba/history/samba-4.0.4.html
Created samba4 tracking bugs for this issue Affects: fedora-17 [bug 923337]