Samba 4.x < 4.0.4 AD DC File Permissions

This script is Copyright (C) 2013-2014 Tenable Network Security, Inc.


Synopsis :

The remote Samba server is affected by a permissions vulnerability.

Description :

According to its banner, the version of Samba running on the remote
host is 4.x prior to 4.0.4 and is, therefore, potentially affected by a
file permissions vulnerability.

Files on Active Directory Domain Controllers(AD DC) may be created with
world-writeable permissions when additional CIFS file shares are created
on the AD DC.

Note that this issue does not affect the AD DC by default and thus, does
not affect files in the 'sysvol' and 'netlogon' shares. Further,
installs configured as standalone server, domain member, file server,
classic domain controller and installs built with '--without-ad-dc' are
not affected. However, it does affect files on shares with simple Unix
permissions.

Further note that Nessus has relied only on the self-reported version
number and has not actually tried to exploit this issue, or determine if
the associated patch has been applied.

See also :

http://www.samba.org/samba/security/CVE-2013-1863
http://www.samba.org/samba/history/samba-4.0.4.html
http://www.nessus.org/u?f1e441d9

Solution :

Either install the patch referenced in the project's advisory, or
upgrade to 4.0.4 or later.

Risk factor :

Low / CVSS Base Score : 3.5
(CVSS2#AV:N/AC:M/Au:S/C:N/I:P/A:N)
CVSS Temporal Score : 2.9
(CVSS2#E:F/RL:OF/RC:C)
Public Exploit Available : true

Family: Misc.

Nessus Plugin ID: 65631 ()

Bugtraq ID: 58596

CVE ID: CVE-2013-1863