It was reported [1] that there are no ACL checks done on accessing stream files (as opposed to regular files) when performing generic file operations like read and write. A stream file created on a CIFS share, with an explicit deny write ACE applied, would be ignored, despite the access control. This could allow users able to access the CIFS share on which such a restricted stream file existed to read and write to the stream file when the expectation was that they were not authorized to do so.

A patch has been posted to the samba-technical mailing list [2] to correct this flaw.

Samba 3.6 and higher are affected by this flaw.

[1] https://bugzilla.samba.org/show_bug.cgi?id=10235
[2] https://lists.samba.org/archive/samba-technical/attachments/20131028/3f1fc04c/attachment.patch
Created samba tracking bugs for this issue:

Affects: fedora-all [bug 1024544]
Public report on the upstream samba-technical list: https://lists.samba.org/archive/samba-technical/2013-October/095725.html
This issue is now fixed in upstream Samba versions 3.6.20, 4.0.11, and 4.1.1.

External References:

http://www.samba.org/samba/security/CVE-2013-4475
Upstream commit: http://git.samba.org/?p=samba.git;a=commitdiff;h=60f922b
Public upstream bug report: https://bugzilla.samba.org/show_bug.cgi?id=10229
This issue has been addressed in the following products:

Red Hat Enterprise Linux 5
Red Hat Enterprise Linux 6

Via RHSA-2013:1806 https://rhn.redhat.com/errata/RHSA-2013-1806.html
This issue has been addressed in the following products:

Red Hat Storage 2.1

Via RHSA-2014:0009 https://rhn.redhat.com/errata/RHSA-2014-0009.html
Statement:

This issue did not affect the samba package in Red Hat Enterprise Linux 5. This issue was addressed for the samba3x package in Red Hat Enterprise Linux 5 and the samba package in Red Hat Enterprise Linux 6 via https://rhn.redhat.com/errata/RHSA-2013-1806.html, and the samba package in Red Hat Storage via https://rhn.redhat.com/errata/RHSA-2014-0009.html