CVE-2013-0454

The SMB2 implementation in Samba 3.6.x before 3.6.6, as used on the IBM Storwize V7000 Unified 1.3 before 1.3.2.3 and 1.4 before 1.4.0.1 and possibly other products, does not properly enforce CIFS share attributes, which allows remote authenticated users to (1) write to a read-only share; (2) trigger data-integrity problems related to the oplock, locking, coherency, or leases attribute; or (3) have an unspecified impact by leveraging incorrect handling of the browseable or "hide unreadable" parameter.
Severity
UNKNOWN
AV:N/AC:L/Au:S/C:N/I:P/A:N
Atk. Vector
NETWORK
Atk. Complexity
LOW
Base Score
CVSS 3.x
EPSS Score
Percentile: 52%
VendorProductVersion
canonicalubuntu_linux
12.04
sambasamba
𝑥
≤ 3.6.5
sambasamba
3.6.0
sambasamba
3.6.1
sambasamba
3.6.2
sambasamba
3.6.3
sambasamba
3.6.4
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
samba
bullseye (security)
2:4.13.13+dfsg-1~deb11u6
fixed
bullseye
2:4.13.13+dfsg-1~deb11u6
fixed
squeeze
not-affected
bookworm
2:4.17.12+dfsg-0+deb12u1
fixed
bookworm (security)
2:4.17.12+dfsg-0+deb12u1
fixed
sid
2:4.21.1+dfsg-2
fixed
trixie
2:4.21.1+dfsg-2
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
samba
quantal
not-affected
precise
Fixed 2:3.6.3-2ubuntu2.6
released
oneiric
not-affected
lucid
not-affected
hardy
not-affected
Common Weakness Enumeration