4

CVE-2013-0454

EPSS 1.88%
Veröffentlicht 26.03.2013 21:55:01
Zuletzt bearbeitet 11.04.2025 00:51:21
Quelle psirt@us.ibm.com
Teams Watchlist Login
Unerledigt Login

The SMB2 implementation in Samba 3.6.x before 3.6.6, as used on the IBM Storwize V7000 Unified 1.3 before 1.3.2.3 and 1.4 before 1.4.0.1 and possibly other products, does not properly enforce CIFS share attributes, which allows remote authenticated users to (1) write to a read-only share; (2) trigger data-integrity problems related to the oplock, locking, coherency, or leases attribute; or (3) have an unspecified impact by leveraging incorrect handling of the browseable or "hide unreadable" parameter.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 0 Referenzen 10

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Canonical ≫ Ubuntu Linux Version12.04 Update- Editionlts

Samba ≫ Samba Version <= 3.6.5

Samba ≫ Samba Version3.6.0

Samba ≫ Samba Version3.6.1

Samba ≫ Samba Version3.6.2

Samba ≫ Samba Version3.6.3

Samba ≫ Samba Version3.6.4

Ibm ≫ Storwize Versionv7000 Update1.3

Ibm ≫ Storwize Versionv7000 Update1.4

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	1.88%	0.815

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	4	8	2.9	AV:N/AC:L/Au:S/C:N/I:P/A:N

http://www.ibm.com/support/docview.wss?uid=ssg1S1004289

Vendor Advisory

http://www.ubuntu.com/usn/USN-1802-1

Vendor Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=928419

https://bugzilla.samba.org/show_bug.cgi?id=8738

https://exchange.xforce.ibmcloud.com/vulnerabilities/80970

https://lists.samba.org/archive/samba-announce/2012/000259.html

https://www.samba.org/samba/security/CVE-2013-0454

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2013-0454

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2013-0454

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2013-0454

EUVD