CVE-2013-0454

Sažetak

The SMB2 implementation in Samba 3.6.x before 3.6.6, as used on the IBM Storwize V7000 Unified 1.3 before 1.3.2.3 and 1.4 before 1.4.0.1 and possibly other products, does not properly enforce CIFS share attributes, which allows remote authenticated users to (1) write to a read-only share; (2) trigger data-integrity problems related to the oplock, locking, coherency, or leases attribute; or (3) have an unspecified impact by leveraging incorrect handling of the browseable or "hide unreadable" parameter.

Reference

http://www.ibm.com/support/docview.wss?uid=ssg1S1004289
http://www.ubuntu.com/usn/USN-1802-1
https://bugzilla.redhat.com/show_bug.cgi?id=928419
https://bugzilla.samba.org/show_bug.cgi?id=8738
https://exchange.xforce.ibmcloud.com/vulnerabilities/80970
https://lists.samba.org/archive/samba-announce/2012/000259.html
https://www.samba.org/samba/security/CVE-2013-0454

CVSS

Base:	4.0
Impact:	2.9
Exploitability:	8.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	SINGLE

Impact

Povjerljivost	Cjelovitost	Dostupnost
NONE	PARTIAL	NONE

CVSS vektor

AV:N/AC:L/Au:S/C:N/I:P/A:N

Zadnje važnije ažuriranje

29-08-2017 - 01:33

Objavljeno

26-03-2013 - 21:55