CVE Daily

CVE-2013-0172

Samba 4.0.x before 4.0.1, in certain Active Directory domain-controller configur...

Low CVSS 3.5

Overview

Samba 4.0.x before 4.0.1, in certain Active Directory domain-controller configurations, does not properly interpret Access Control Entries that are based on an objectClass, which allows remote authenticated users to bypass intended restrictions on modifying LDAP directory objects by leveraging (1) objectClass access by a user, (2) objectClass access by a group, or (3) write access to an attribute.

CWE: CWE-264 Published: 2013-01-17T21:55:00.947
Risk analysis

This vulnerability is rated 🟢 LOW.

  • CVSS: 3.5 (LOW)
  • Detected tags: none (tag impact: LOW)

Recommended actions:

  • Prioritize remediation based on business criticality and exposure.
  • Limit exposure and increase monitoring until fixed.

Recommended tools

Tags