CVE-2010-0728:

===========================================================
== Subject:     Allowing all file system access even when
==		permissions should have denied access.
==
== CVE ID#:     CVE-2010-0728
==
== Versions:    3.3.11, 3.4.6 and 3.5.0
==
== Summary:     This flaw caused all smbd processes to inherit CAP_DAC_OVERRIDE
==		capabilities, so file system access was granted even
==		when permissions should have denied it.
===========================================================

===========
Description
===========

This flaw caused all smbd processes to inherit CAP_DAC_OVERRIDE
capabilities, so file system access was granted even when
permissions should have denied it.

Please note this security problem does not affect platforms that do
not support capabilities, or platforms where the binaries were built
without libcap support.
Also note that 3.4.5 and prior 3.4.x versions and 3.3.10 and prior 3.3.x
versions are NOT affected.
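
A check for the condition described above, as an added example that is not
part of the original advisory or Samba's own code: it decodes the capability
masks Linux exposes in /proc/<pid>/status and reports smbd processes holding
CAP_DAC_OVERRIDE. The function names, the constructed sample status text and
the rule of flagging a non-root effective UID with the bit in CapEff are
assumptions of this example.

```python
import glob

CAP_DAC_OVERRIDE = 1  # bit number of CAP_DAC_OVERRIDE in linux/capability.h
CAP_FIELDS = ("CapInh", "CapPrm", "CapEff")

# Constructed sample input (not captured from a real host).
SAMPLE_FLAGGED = ("Name:\tsmbd\nUid:\t1000\t1000\t1000\t1000\n"
                  "CapInh:\t0000000000000002\nCapPrm:\t0000000000000002\n"
                  "CapEff:\t0000000000000002\n")
SAMPLE_CLEAN = ("Name:\tsmbd\nUid:\t1000\t1000\t1000\t1000\n"
                "CapInh:\t0000000000000000\nCapPrm:\t0000000000000000\n"
                "CapEff:\t0000000000000000\n")

def parse_status(text):
    """Parse /proc/<pid>/status text into a dict of field -> value string."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            fields[key.strip()] = value.strip()
    return fields

def dac_override_sets(text, name="smbd"):
    """Report which capability sets of a `name` process hold CAP_DAC_OVERRIDE.

    Returns None when the status text belongs to a different process.
    """
    fields = parse_status(text)
    if fields.get("Name") != name:
        return None
    euid = int(fields["Uid"].split()[1])  # order: real, effective, saved, fs
    held = [f for f in CAP_FIELDS
            if f in fields and (int(fields[f], 16) >> CAP_DAC_OVERRIDE) & 1]
    # Assumed heuristic: a non-root smbd with the bit in its effective set
    # can bypass file permission checks.
    return {"euid": euid, "sets": held,
            "suspect": euid != 0 and "CapEff" in held}

def scan_proc():
    """Apply the check to every live process; returns {pid: report}."""
    results = {}
    for path in glob.glob("/proc/[0-9]*/status"):
        try:
            with open(path) as fh:
                info = dac_override_sets(fh.read())
        except OSError:
            continue  # process exited between listing and reading
        if info is not None:
            results[path.split("/")[2]] = info
    return results
```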


==================
Patch Availability
==================

A patch addressing this issue has been posted to:

    http://www.samba.org/samba/security/

Additionally, Samba 3.3.12, 3.4.7 and 3.5.1 have been issued
as security releases to correct the defect.  Samba administrators are
advised to upgrade to these releases or apply the patch as soon
as possible.

==========
Workaround
==========

None available

=======
Credits
=======

The problem was reported as
https://bugzilla.samba.org/show_bug.cgi?id=7222
by Andreas Matthus <Andreas.Matthus@tu-dresden.de>.

==========================================================
== Our Code, Our Bugs, Our Responsibility.
== The Samba Team
==========================================================