Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 4.0
CVE Id CVE-2013-0454
Last Modified 10 Oct 2013 03:18:36
Published 26 Mar 2013 05:55:01
Confidentiality Impact NONE
Integrity Impact PARTIAL
Availability Impact NONE
Access Vector NETWORK
Access Complexity LOW
Authentication SINGLE_INSTANCE

CVE-2013-0454

Summary

The SMB2 implementation in Samba 3.6.x before 3.6.6, as used on the IBM Storwize V7000 Unified 1.3 before 1.3.2.3 and 1.4 before 1.4.0.1 and possibly other products, does not properly enforce CIFS share attributes, which allows remote authenticated users to (1) write to a read-only share; (2) trigger data-integrity problems related to the oplock, locking, coherency, or leases attribute; or (3) have an unspecified impact by leveraging incorrect handling of the browseable or "hide unreadable" parameter.

Vulnerable Systems

Operating System

  • Canonical Ubuntu Linux 12.04

Application

  • IBM Storwize V7000

  • Samba 1.9.17

  • Samba 1.9.18

  • Samba 2.0

  • Samba 2.0.0

  • Samba 2.0.1

  • Samba 2.0.10

  • Samba 2.0.2

  • Samba 2.0.3

  • Samba 2.0.4

  • Samba 2.0.5

  • Samba 2.0.5a

  • Samba 2.0.6

  • Samba 2.0.7

  • Samba 2.0.8

  • Samba 2.0.9

  • Samba 2.18.3

  • Samba 2.2

  • Samba 2.2.0

  • Samba 2.2.0a

  • Samba 2.2.1

  • Samba 2.2.10

  • Samba 2.2.11

  • Samba 2.2.12

  • Samba 2.2.1a

  • Samba 2.2.2

  • Samba 2.2.3

  • Samba 2.2.3a

  • Samba 2.2.4

  • Samba 2.2.5

  • Samba 2.2.6

  • Samba 2.2.7

  • Samba 2.2.7a

  • Samba 2.2.8

  • Samba 2.2.8a

  • Samba 2.2.9

  • Samba 2.2a

  • Samba 3.0

  • Samba 3.0.0

  • Samba 3.0.1

  • Samba 3.0.10

  • Samba 3.0.11

  • Samba 3.0.12

  • Samba 3.0.13

  • Samba 3.0.14

  • Samba 3.0.14a

  • Samba 3.0.15

  • Samba 3.0.16

  • Samba 3.0.17

  • Samba 3.0.18

  • Samba 3.0.19

  • Samba 3.0.2

  • Samba 3.0.20

  • Samba 3.0.20a

  • Samba 3.0.20b

  • Samba 3.0.21

  • Samba 3.0.21a

  • Samba 3.0.21b

  • Samba 3.0.21c

  • Samba 3.0.22

  • Samba 3.0.23

  • Samba 3.0.23a

  • Samba 3.0.23b

  • Samba 3.0.23c

  • Samba 3.0.23d

  • Samba 3.0.24

  • Samba 3.0.25

  • Samba 3.0.25a

  • Samba 3.0.25b

  • Samba 3.0.25c

  • Samba 3.0.26

  • Samba 3.0.26a

  • Samba 3.0.27

  • Samba 3.0.28

  • Samba 3.0.29

  • Samba 3.0.2a

  • Samba 3.0.3

  • Samba 3.0.30

  • Samba 3.0.31

  • Samba 3.0.32

  • Samba 3.0.33

  • Samba 3.0.34

  • Samba 3.0.35

  • Samba 3.0.36

  • Samba 3.0.37

  • Samba 3.0.4

  • Samba 3.0.5

  • Samba 3.0.6

  • Samba 3.0.7

  • Samba 3.0.8

  • Samba 3.0.9

  • Samba 3.1

  • Samba 3.2.0

  • Samba 3.2.1

  • Samba 3.2.10

  • Samba 3.2.11

  • Samba 3.2.12

  • Samba 3.2.13

  • Samba 3.2.14

  • Samba 3.2.15

  • Samba 3.2.2

  • Samba 3.2.3

  • Samba 3.2.4

  • Samba 3.2.5

  • Samba 3.2.6

  • Samba 3.2.7

  • Samba 3.2.8

  • Samba 3.2.9

  • Samba 3.3.0

  • Samba 3.3.1

  • Samba 3.3.10

  • Samba 3.3.11

  • Samba 3.3.12

  • Samba 3.3.13

  • Samba 3.3.14

  • Samba 3.3.15

  • Samba 3.3.16

  • Samba 3.3.2

  • Samba 3.3.3

  • Samba 3.3.4

  • Samba 3.3.5

  • Samba 3.3.6

  • Samba 3.3.7

  • Samba 3.3.8

  • Samba 3.3.9

  • Samba 3.4.0

  • Samba 3.4.1

  • Samba 3.4.10

  • Samba 3.4.11

  • Samba 3.4.12

  • Samba 3.4.13

  • Samba 3.4.14

  • Samba 3.4.15

  • Samba 3.4.16

  • Samba 3.4.17

  • Samba 3.4.2

  • Samba 3.4.3

  • Samba 3.4.4

  • Samba 3.4.5

  • Samba 3.4.6

  • Samba 3.4.7

  • Samba 3.4.8

  • Samba 3.4.9

  • Samba 3.5.0

  • Samba 3.5.1

  • Samba 3.5.10

  • Samba 3.5.11

  • Samba 3.5.12

  • Samba 3.5.13

  • Samba 3.5.14

  • Samba 3.5.15

  • Samba 3.5.16

  • Samba 3.5.17

  • Samba 3.5.18

  • Samba 3.5.19

  • Samba 3.5.2

  • Samba 3.5.20

  • Samba 3.5.21

  • Samba 3.5.3

  • Samba 3.5.4

  • Samba 3.5.5

  • Samba 3.5.6

  • Samba 3.5.7

  • Samba 3.5.8

  • Samba 3.5.9

  • Samba 3.6.0

  • Samba 3.6.1

  • Samba 3.6.2

  • Samba 3.6.3

  • Samba 3.6.4

  • Samba 3.6.5


References

CONFIRM - https://www.samba.org/samba/security/CVE-2013-0454

MLIST - [samba-announce] 20120625 [Announce] Samba 3.6.6 Available for Download

MISC - https://bugzilla.samba.org/show_bug.cgi?id=8738

CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=928419

XF - storwize-cifs-incorrect-permissions(80970)

CONFIRM - http://www.ibm.com/support/docview.wss?uid=ssg1S1004289

UBUNTU - USN-1802-1


Last Updated: 27 May 2016 11:02:09