PT-2013-2349 · Samba+1 · Samba+1
Ulf Troppens
·
Published
2013-03-26
·
Updated
2024-06-15
·
CVE-2013-0454
CVSS v2.0
4.0
Medium
| Vector | AV:N/AC:L/Au:S/C:N/I:P/A:N |
Name of the Vulnerable Software and Affected Versions
Samba versions 3.6.x through 3.6.5
IBM Storwize V7000 Unified versions 1.3 through 1.3.2.2
IBM Storwize V7000 Unified versions 1.4 through 1.4.0.0
Description
The issue is related to the SMB2 implementation, which does not properly enforce CIFS share attributes. This allows remote authenticated users to write to a read-only share, trigger data-integrity problems, or have an unspecified impact by leveraging incorrect handling of certain parameters, such as
browseable or hide unreadable.Recommendations
For Samba versions 3.6.x through 3.6.5, update to version 3.6.6 or later.
For IBM Storwize V7000 Unified versions 1.3 through 1.3.2.2, update to version 1.3.2.3 or later.
For IBM Storwize V7000 Unified versions 1.4 through 1.4.0.0, update to version 1.4.0.1 or later.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Ibm Storwize V7000 Unified
Samba