Samba 4.x before 4.0.4, when configured as an Active Directory domain controller, uses world-writable permissions on non-default CIFS shares, which allows remote authenticated users to read, modify, create, or delete arbitrary files via standard filesystem operations.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Samba | Samba | 4.0.0 (including) | 4.0.0 (including) |
| Samba | Samba | 4.0.1 (including) | 4.0.1 (including) |
| Samba | Samba | 4.0.2 (including) | 4.0.2 (including) |
| Samba | Samba | 4.0.3 (including) | 4.0.3 (including) |
| Samba4 | Ubuntu | lucid | * |
| Samba4 | Ubuntu | oneiric | * |
| Samba4 | Ubuntu | precise | * |
| Samba4 | Ubuntu | quantal | * |
| Samba4 | Ubuntu | raring | * |
| Samba4 | Ubuntu | saucy | * |
| Samba4 | Ubuntu | upstream | * |