4

CVE-2013-0454

EPSS 1.88%
Published 26.03.2013 21:55:01
Last modified 11.04.2025 00:51:21
Source psirt@us.ibm.com
Teams watchlist Login
Open Login

The SMB2 implementation in Samba 3.6.x before 3.6.6, as used on the IBM Storwize V7000 Unified 1.3 before 1.3.2.3 and 1.4 before 1.4.0.1 and possibly other products, does not properly enforce CIFS share attributes, which allows remote authenticated users to (1) write to a read-only share; (2) trigger data-integrity problems related to the oplock, locking, coherency, or leases attribute; or (3) have an unspecified impact by leveraging incorrect handling of the browseable or "hide unreadable" parameter.

Affected products Warnungen 0 Metrics 2 CWE 0 References 10

Data is provided by the National Vulnerability Database (NVD)

Canonical ≫ Ubuntu Linux Version12.04 Update- Editionlts

Samba ≫ Samba Version <= 3.6.5

Samba ≫ Samba Version3.6.0

Samba ≫ Samba Version3.6.1

Samba ≫ Samba Version3.6.2

Samba ≫ Samba Version3.6.3

Samba ≫ Samba Version3.6.4

Ibm ≫ Storwize Versionv7000 Update1.3

Ibm ≫ Storwize Versionv7000 Update1.4

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	1.88%	0.815

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	4	8	2.9	AV:N/AC:L/Au:S/C:N/I:P/A:N

http://www.ibm.com/support/docview.wss?uid=ssg1S1004289

Vendor Advisory

http://www.ubuntu.com/usn/USN-1802-1

Vendor Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=928419

https://bugzilla.samba.org/show_bug.cgi?id=8738

https://exchange.xforce.ibmcloud.com/vulnerabilities/80970

https://lists.samba.org/archive/samba-announce/2012/000259.html

https://www.samba.org/samba/security/CVE-2013-0454

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2013-0454

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2013-0454

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2013-0454

EUVD