Vigil@nce - Samba: ACL removed via smbcacls
March 2014 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
In some situations, the smbcacls command of Samba can delete ACLs,
so an attacker can access to file which were previously protected.
Impacted products: Fedora, openSUSE, Samba, Slackware
Severity: 2/4
Creation date: 12/03/2014
DESCRIPTION OF THE VULNERABILITY
The smbcacls command processes ACLs on files.
The "-C|—chown name" and "-G|—chgrp name" options change the
owner and the group of a file/directory. However, when these
options are used, smbcacls removes the ACL of a file/directory.
In some situations, the smbcacls command of Samba can therefore
delete ACLs, so an attacker can access to files/directories which
were previously protected.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/Samba-ACL-removed-via-smbcacls-14409