Published: 26/03/2013 Updated: 29/08/2017

CVSS v2 Base Score: 4 | Impact Score: 2.9 | Exploitability Score: 8

VMScore: 356

Vector: AV:N/AC:L/Au:S/C:N/I:P/A:N

The SMB2 implementation in Samba 3.6.x prior to 3.6.6, as used on the IBM Storwize V7000 Unified 1.3 prior to 1.3.2.3 and 1.4 prior to 1.4.0.1 and possibly other products, does not properly enforce CIFS share attributes, which allows remote authenticated users to (1) write to a read-only share; (2) trigger data-integrity problems related to the oplock, locking, coherency, or leases attribute; or (3) have an unspecified impact by leveraging incorrect handling of the browseable or "hide unreadable" parameter.

Vulnerable Product	Search on Vulmon	Subscribe to Product
canonical ubuntu linux 12.04
samba samba 3.6.3
samba samba 3.6.2
samba samba 3.6.1
samba samba 3.6.0
samba samba
samba samba 3.6.4
ibm storwize v7000

Samba would allow unintended write access to files over the network ...

CWE-264 http://www.ibm.com/support/docview.wss?uid=ssg1S1004289 https://lists.samba.org/archive/samba-announce/2012/000259.html https://bugzilla.samba.org/show_bug.cgi?id=8738 https://bugzilla.redhat.com/show_bug.cgi?id=928419 https://www.samba.org/samba/security/CVE-2013-0454 http://www.ubuntu.com/usn/USN-1802-1 https://exchange.xforce.ibmcloud.com/vulnerabilities/80970 https://usn.ubuntu.com/1802-1/https://nvd.nist.gov

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2013-0454

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect