[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

249461

 
 

909

 
 

195508

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2013-0454Date: (C)2013-03-27   (M)2023-12-22


The SMB2 implementation in Samba 3.6.x before 3.6.6, as used on the IBM Storwize V7000 Unified 1.3 before 1.3.2.3 and 1.4 before 1.4.0.1 and possibly other products, does not properly enforce CIFS share attributes, which allows remote authenticated users to (1) write to a read-only share; (2) trigger data-integrity problems related to the oplock, locking, coherency, or leases attribute; or (3) have an unspecified impact by leveraging incorrect handling of the browseable or "hide unreadable" parameter.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 4.0
Exploit Score: 8.0
Impact Score: 2.9
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: LOW
Authentication: SINGLE
Confidentiality: NONE
Integrity: PARTIAL
Availability: NONE
  
Reference:
USN-1802-1
https://lists.samba.org/archive/samba-announce/2012/000259.html
http://www.ibm.com/support/docview.wss?uid=ssg1S1004289
https://bugzilla.redhat.com/show_bug.cgi?id=928419
https://bugzilla.samba.org/show_bug.cgi?id=8738
https://www.samba.org/samba/security/CVE-2013-0454
storwize-cifs-incorrect-permissions(80970)

CPE    7
cpe:/o:canonical:ubuntu_linux:12.04:-:lts
cpe:/a:samba:samba:3.6.3
cpe:/a:samba:samba
cpe:/a:samba:samba:3.6.4
...
CWE    1
CWE-264
OVAL    1
oval:org.secpod.oval:def:701256

© SecPod Technologies