| Name | CVE-2013-1863 |
| Description | Samba 4.x before 4.0.4, when configured as an Active Directory domain controller, uses world-writable permissions on non-default CIFS shares, which allows remote authenticated users to read, modify, create, or delete arbitrary files via standard filesystem operations. |
| Source | CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more) |
The information below is based on the following data on fixed versions.
| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| samba4 | source | (unstable) | (not affected) |
- samba4 <not-affected> (Debian package only uses ntvfs, see #679678)
http://www.samba.org/samba/history/samba-4.0.4.html
http://www.samba.org/samba/security/CVE-2013-1863