CVE-2013-0454

See a problem?

Source

https://nvd.nist.gov/vuln/detail/CVE-2013-0454

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2013-0454.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2013-0454

Related

openSUSE-SU-2024:10069-1

Published

2013-03-26T21:55:01Z

Modified

2024-09-18T01:00:22Z

Summary

[none]

Details

The SMB2 implementation in Samba 3.6.x before 3.6.6, as used on the IBM Storwize V7000 Unified 1.3 before 1.3.2.3 and 1.4 before 1.4.0.1 and possibly other products, does not properly enforce CIFS share attributes, which allows remote authenticated users to (1) write to a read-only share; (2) trigger data-integrity problems related to the oplock, locking, coherency, or leases attribute; or (3) have an unspecified impact by leveraging incorrect handling of the browseable or "hide unreadable" parameter.

References

Affected packages

Debian:11 / samba

Package

Name: samba
Purl: pkg:deb/debian/samba?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2:3.6.6-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / samba

Package

Name: samba
Purl: pkg:deb/debian/samba?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2:3.6.6-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / samba

Package

Name: samba
Purl: pkg:deb/debian/samba?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2:3.6.6-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}