CVE-2013-0172 : Samba 4.0.x before 4.0.1, in certain Active Directory domain-controller configurations, does not properly interpret Acce

Samba 4.0.x before 4.0.1, in certain Active Directory domain-controller configurations, does not properly interpret Access Control Entries that are based on an objectClass, which allows remote authenticated users to bypass intended restrictions on modifying LDAP directory objects by leveraging (1) objectClass access by a user, (2) objectClass access by a group, or (3) write access to an attribute.

Published 2013-01-17 21:55:01

Updated 2013-01-18 05:00:00

Source Red Hat, Inc.

View at NVD, CVE.org

Exploit prediction scoring system (EPSS) score for CVE-2013-0172

Probability of exploitation activity in the next 30 days: 0.08%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 33 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2013-0172

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
3.5	LOW	AV:N/AC:M/Au:S/C:N/I:P/A:N	6.8	2.9	NIST
Access Vector: Network Access Complexity: Medium Authentication: Single Confidentiality Impact: None Integrity Impact: Partial Availability Impact: None

CWE ids for CVE-2013-0172

CWE-264

Assigned by: nvd@nist.gov (Primary)

References for CVE-2013-0172

http://www.samba.org/samba/security/CVE-2013-0172

Samba - Security Announcement Archive
Vendor Advisory

Products affected by CVE-2013-0172

Samba » Samba » Version: 4.0.0
cpe:2.3:a:samba:samba:4.0.0:*:*:*:*:*:*:*
Matching versions

Vulnerability Details : CVE-2013-0172

Exploit prediction scoring system (EPSS) score for CVE-2013-0172

CVSS scores for CVE-2013-0172

CWE ids for CVE-2013-0172

References for CVE-2013-0172

Products affected by CVE-2013-0172