CVE-2013-0454 — Samba vulnerability

CWE-2647 documents7 sources

Severity

4.0MEDIUMNVD

EPSS

1.9%

top 16.83%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Samba Debian Samba Canonical Ubuntu Linux +1 more

Timeline

PublishedMar 26

Latest updateMay 5

Description

The SMB2 implementation in Samba 3.6.x before 3.6.6, as used on the IBM Storwize V7000 Unified 1.3 before 1.3.2.3 and 1.4 before 1.4.0.1 and possibly other products, does not properly enforce CIFS share attributes, which allows remote authenticated users to (1) write to a read-only share; (2) trigger data-integrity problems related to the oplock, locking, coherency, or leases attribute; or (3) have an unspecified impact by leveraging incorrect handling of the browseable or "hide unreadable" para…

CVSS vector

AV:N/AC:L/C:N/I:P/A:NExploitability: 8.0 | Impact: 2.9

Affected Packages4 packages

▶debiandebian/samba< samba 2:3.6.6-1 (bookworm)

▶Debiansamba/samba< 2:3.6.6-1+3

▶NVDsamba/samba3.6.5+5

▶NVDibm/storwizev7000

Also affects: Ubuntu Linux 12.04

🔴Vulnerability Details

GHSA

GHSA-7f36-rv57-68gp: The SMB2 implementation in Samba 3↗2022-05-05

▶

OSV

CVE-2013-0454: The SMB2 implementation in Samba 3↗2013-03-26

▶

📋Vendor Advisories

Ubuntu

Samba vulnerability↗2013-04-16

▶

Debian

CVE-2013-0454: samba - The SMB2 implementation in Samba 3.6.x before 3.6.6, as used on the IBM Storwize...↗2013

▶

Red Hat

samba: the SMB2 server does not release unused shares↗2012-06-25

▶

💬Community

Bugzilla

CVE-2013-0454 samba: the SMB2 server does not release unused shares↗2013-03-27

▶