
===========================================================
== Subject:     smbcacls will remove the ACL on a file
==              or directory when changing owner or group
==              owner.
==
== CVE ID#:     CVE-2013-6442
==
== Versions:    All versions of Samba later than 4.0.0
==
== Summary:     smbcacls can remove a file or directory
==              ACL by mistake.
==
===========================================================

===========
Description
===========

Samba versions 4.0.0 and above have a flaw in the smbcacls command. If
smbcacls is used with the "-C|--chown name" or "-G|--chgrp name"
command options, it will remove the existing ACL on the object being
modified, leaving the file or directory unprotected.
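
One way to check whether an ownership change dropped ACL entries is to compare
smbcacls listings taken before and after it. This is an added example, not part
of the Samba advisory; the sample listings, the EXAMPLE domain and the function
names lost_aces and acl_preserved are constructed for illustration.

```shell
#!/bin/sh
# Compare smbcacls output captured before and after an ownership change.
# In practice the snapshots would come from something like
#   smbcacls //SERVER/SHARE path/to/file -U USER > before.txt
# (SERVER, SHARE and USER are placeholders). The samples below are constructed.

BEFORE='REVISION:1
CONTROL:SR|DP
OWNER:EXAMPLE\alice
GROUP:EXAMPLE\Domain Users
ACL:EXAMPLE\alice:ALLOWED/0x0/FULL
ACL:EXAMPLE\Domain Users:ALLOWED/0x0/READ'

# Constructed "affected" result: owner changed, ACL entries gone.
AFTER_BAD='REVISION:1
CONTROL:SR
OWNER:EXAMPLE\bob
GROUP:EXAMPLE\Domain Users'

# Constructed "fixed" result: owner changed, ACL entries intact (order differs).
AFTER_OK='REVISION:1
CONTROL:SR|DP
OWNER:EXAMPLE\bob
GROUP:EXAMPLE\Domain Users
ACL:EXAMPLE\Domain Users:ALLOWED/0x0/READ
ACL:EXAMPLE\alice:ALLOWED/0x0/FULL'

# Print every ACL: line present in snapshot $1 but absent from snapshot $2.
lost_aces() {
    printf '%s\n%s\n%s\n' "$1" '--after--' "$2" | awk '
        $0 == "--after--" { after = 1; next }
        /^ACL:/ { if (after) seen[$0] = 1; else before[++n] = $0 }
        END { for (i = 1; i <= n; i++) if (!(before[i] in seen)) print before[i] }'
}

# Succeed only if no ACE from the "before" snapshot went missing.
acl_preserved() {
    [ -z "$(lost_aces "$1" "$2")" ]
}

if ! acl_preserved "$BEFORE" "$AFTER_BAD"; then
    echo "ACEs missing after ownership change:"
    lost_aces "$BEFORE" "$AFTER_BAD"
fi
```

The comparison is set-based, so a change in ACE order alone is not reported as a loss.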

==================
Patch Availability
==================

Patches addressing this issue have been posted to:

    http://www.samba.org/samba/security/

Samba versions 4.0.16 and 4.1.6 have been released to address this
issue.

==========
Workaround
==========

Use server-based tools (chown) to modify owners on files and
directories.

=======
Credits
=======

This problem was found by an internal audit of the Samba code by Noel
Power of SuSE.

Patch provided by Jeremy Allison of the Samba team.

==========================================================
== Our Code, Our Bugs, Our Responsibility.
== The Samba Team
==========================================================