CVE-2013-0454
Severity Score
4.0
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
The SMB2 implementation in Samba 3.6.x before 3.6.6, as used on the IBM Storwize V7000 Unified 1.3 before 1.3.2.3 and 1.4 before 1.4.0.1 and possibly other products, does not properly enforce CIFS share attributes, which allows remote authenticated users to (1) write to a read-only share; (2) trigger data-integrity problems related to the oplock, locking, coherency, or leases attribute; or (3) have an unspecified impact by leveraging incorrect handling of the browseable or "hide unreadable" parameter.
Samba anterior a v3.6.6, tal como se utiliza en el IBM Storwize V7000 Unified v1.3 anterior a v1.3.2.3, y v1.4 anterior a v1.4.0.1 y posiblemente otros productos, no se aplican correctamente los atributos de CIFS de compartición, lo que permite a usuarios remotos autenticados para (1) escribir en un participación de sólo lectura, (2) disparar problemas de integridad de datos relacionados con la operación de bloqueo, bloqueo, coherencia, arrendamiento de atributo, o (3) tener un impacto no especificado mediante el aprovechamiento de la manipulación incorrecta del parámetro "hide unreadable".
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2012-12-16 CVE Reserved
- 2013-03-26 CVE Published
- 2024-02-14 EPSS Updated
- 2024-08-06 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-264: Permissions, Privileges, and Access Controls
CAPEC
References (7)
| URL | Tag | Source |
|---|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=928419 | X_refsource_confirm | |
| https://bugzilla.samba.org/show_bug.cgi?id=8738 | X_refsource_misc | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/80970 | Vdb Entry | |
| https://lists.samba.org/archive/samba-announce/2012/000259.html | Mailing List |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://www.ibm.com/support/docview.wss?uid=ssg1S1004289 | 2017-08-29 | |
| http://www.ubuntu.com/usn/USN-1802-1 | 2017-08-29 | |
| https://www.samba.org/samba/security/CVE-2013-0454 | 2017-08-29 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Samba Search vendor "Samba" | Samba Search vendor "Samba" for product "Samba" | <= 3.6.5 Search vendor "Samba" for product "Samba" and version " <= 3.6.5" | - |
Affected
| in | Ibm Search vendor "Ibm" | Storwize Search vendor "Ibm" for product "Storwize" | v7000 Search vendor "Ibm" for product "Storwize" and version "v7000" | 1.3 |
Affected
|
| Samba Search vendor "Samba" | Samba Search vendor "Samba" for product "Samba" | <= 3.6.5 Search vendor "Samba" for product "Samba" and version " <= 3.6.5" | - |
Affected
| in | Ibm Search vendor "Ibm" | Storwize Search vendor "Ibm" for product "Storwize" | v7000 Search vendor "Ibm" for product "Storwize" and version "v7000" | 1.4 |
Affected
|
| Samba Search vendor "Samba" | Samba Search vendor "Samba" for product "Samba" | 3.6.0 Search vendor "Samba" for product "Samba" and version "3.6.0" | - |
Affected
| in | Ibm Search vendor "Ibm" | Storwize Search vendor "Ibm" for product "Storwize" | v7000 Search vendor "Ibm" for product "Storwize" and version "v7000" | 1.3 |
Affected
|
| Samba Search vendor "Samba" | Samba Search vendor "Samba" for product "Samba" | 3.6.0 Search vendor "Samba" for product "Samba" and version "3.6.0" | - |
Affected
| in | Ibm Search vendor "Ibm" | Storwize Search vendor "Ibm" for product "Storwize" | v7000 Search vendor "Ibm" for product "Storwize" and version "v7000" | 1.4 |
Affected
|
| Samba Search vendor "Samba" | Samba Search vendor "Samba" for product "Samba" | 3.6.1 Search vendor "Samba" for product "Samba" and version "3.6.1" | - |
Affected
| in | Ibm Search vendor "Ibm" | Storwize Search vendor "Ibm" for product "Storwize" | v7000 Search vendor "Ibm" for product "Storwize" and version "v7000" | 1.3 |
Affected
|
| Samba Search vendor "Samba" | Samba Search vendor "Samba" for product "Samba" | 3.6.1 Search vendor "Samba" for product "Samba" and version "3.6.1" | - |
Affected
| in | Ibm Search vendor "Ibm" | Storwize Search vendor "Ibm" for product "Storwize" | v7000 Search vendor "Ibm" for product "Storwize" and version "v7000" | 1.4 |
Affected
|
| Samba Search vendor "Samba" | Samba Search vendor "Samba" for product "Samba" | 3.6.2 Search vendor "Samba" for product "Samba" and version "3.6.2" | - |
Affected
| in | Ibm Search vendor "Ibm" | Storwize Search vendor "Ibm" for product "Storwize" | v7000 Search vendor "Ibm" for product "Storwize" and version "v7000" | 1.3 |
Affected
|
| Samba Search vendor "Samba" | Samba Search vendor "Samba" for product "Samba" | 3.6.2 Search vendor "Samba" for product "Samba" and version "3.6.2" | - |
Affected
| in | Ibm Search vendor "Ibm" | Storwize Search vendor "Ibm" for product "Storwize" | v7000 Search vendor "Ibm" for product "Storwize" and version "v7000" | 1.4 |
Affected
|
| Samba Search vendor "Samba" | Samba Search vendor "Samba" for product "Samba" | 3.6.3 Search vendor "Samba" for product "Samba" and version "3.6.3" | - |
Affected
| in | Ibm Search vendor "Ibm" | Storwize Search vendor "Ibm" for product "Storwize" | v7000 Search vendor "Ibm" for product "Storwize" and version "v7000" | 1.3 |
Affected
|
| Samba Search vendor "Samba" | Samba Search vendor "Samba" for product "Samba" | 3.6.3 Search vendor "Samba" for product "Samba" and version "3.6.3" | - |
Affected
| in | Ibm Search vendor "Ibm" | Storwize Search vendor "Ibm" for product "Storwize" | v7000 Search vendor "Ibm" for product "Storwize" and version "v7000" | 1.4 |
Affected
|
| Samba Search vendor "Samba" | Samba Search vendor "Samba" for product "Samba" | 3.6.4 Search vendor "Samba" for product "Samba" and version "3.6.4" | - |
Affected
| in | Ibm Search vendor "Ibm" | Storwize Search vendor "Ibm" for product "Storwize" | v7000 Search vendor "Ibm" for product "Storwize" and version "v7000" | 1.3 |
Affected
|
| Samba Search vendor "Samba" | Samba Search vendor "Samba" for product "Samba" | 3.6.4 Search vendor "Samba" for product "Samba" and version "3.6.4" | - |
Affected
| in | Ibm Search vendor "Ibm" | Storwize Search vendor "Ibm" for product "Storwize" | v7000 Search vendor "Ibm" for product "Storwize" and version "v7000" | 1.4 |
Affected
|
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 12.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "12.04" | lts |
Affected
| ||||||