QwikSec

Security Database

CVE

CWE

Training

CVE-2013-0454

Published: Mar 26, 2013

Modified: Aug 6, 2024

PUBLISHED

Description

The SMB2 implementation in Samba 3.6.x before 3.6.6, as used on the IBM Storwize V7000 Unified 1.3 before 1.3.2.3 and 1.4 before 1.4.0.1 and possibly other products, does not properly enforce CIFS share attributes, which allows remote authenticated users to (1) write to a read-only share; (2) trigger data-integrity problems related to the oplock, locking, coherency, or leases attribute; or (3) have an unspecified impact by leveraging incorrect handling of the browseable or "hide unreadable" parameter.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

storwize-cifs-incorrect-permissions(80970)

vdb-entry

x_refsource_XF

https://bugzilla.redhat.com/show_bug.cgi?id=928419

x_refsource_CONFIRM

vendor-advisory

x_refsource_UBUNTU

http://www.ibm.com/support/docview.wss?uid=ssg1S1004289

x_refsource_CONFIRM

https://www.samba.org/samba/security/CVE-2013-0454

x_refsource_CONFIRM

https://bugzilla.samba.org/show_bug.cgi?id=8738

x_refsource_MISC

[samba-announce] 20120625 [Announce] Samba 3.6.6 Available for Download

mailing-list

x_refsource_MLIST

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.