CVE-2013-0454
 
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
The SMB2 implementation in Samba 3.6.x before 3.6.6, as used on the IBM Storwize V7000 Unified 1.3 before 1.3.2.3 and 1.4 before 1.4.0.1 and possibly other products, does not properly enforce CIFS share attributes, which allows remote authenticated users to (1) write to a read-only share; (2) trigger data-integrity problems related to the oplock, locking, coherency, or leases attribute; or (3) have an unspecified impact by leveraging incorrect handling of the browseable or "hide unreadable" parameter.
Samba anterior a v3.6.6, tal como se utiliza en el IBM Storwize V7000 Unified v1.3 anterior a v1.3.2.3, y v1.4 anterior a v1.4.0.1 y posiblemente otros productos, no se aplican correctamente los atributos de CIFS de compartición, lo que permite a usuarios remotos autenticados para (1) escribir en un participación de sólo lectura, (2) disparar problemas de integridad de datos relacionados con la operación de bloqueo, bloqueo, coherencia, arrendamiento de atributo, o (3) tener un impacto no especificado mediante el aprovechamiento de la manipulación incorrecta del parámetro "hide unreadable".
CVSS Scores
SSVC
- Decision:-
Timeline
- 2012-12-16 CVE Reserved
- 2013-03-26 CVE Published
- 2024-02-14 EPSS Updated
- 2024-08-06 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-264: Permissions, Privileges, and Access Controls
CAPEC
References (7)
URL | Tag | Source |
---|---|---|
https://bugzilla.redhat.com/show_bug.cgi?id=928419 | X_refsource_confirm | |
https://bugzilla.samba.org/show_bug.cgi?id=8738 | X_refsource_misc | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/80970 | Vdb Entry | |
https://lists.samba.org/archive/samba-announce/2012/000259.html | Mailing List |
URL | Date | SRC |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
http://www.ibm.com/support/docview.wss?uid=ssg1S1004289 | 2017-08-29 | |
http://www.ubuntu.com/usn/USN-1802-1 | 2017-08-29 | |
https://www.samba.org/samba/security/CVE-2013-0454 | 2017-08-29 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Samba Search vendor "Samba" | Samba Search vendor "Samba" for product "Samba" | <= 3.6.5 Search vendor "Samba" for product "Samba" and version " <= 3.6.5" | - |
Affected
| in | Ibm Search vendor "Ibm" | Storwize Search vendor "Ibm" for product "Storwize" | v7000 Search vendor "Ibm" for product "Storwize" and version "v7000" | 1.3 |
Affected
|
Samba Search vendor "Samba" | Samba Search vendor "Samba" for product "Samba" | <= 3.6.5 Search vendor "Samba" for product "Samba" and version " <= 3.6.5" | - |
Affected
| in | Ibm Search vendor "Ibm" | Storwize Search vendor "Ibm" for product "Storwize" | v7000 Search vendor "Ibm" for product "Storwize" and version "v7000" | 1.4 |
Affected
|
Samba Search vendor "Samba" | Samba Search vendor "Samba" for product "Samba" | 3.6.0 Search vendor "Samba" for product "Samba" and version "3.6.0" | - |
Affected
| in | Ibm Search vendor "Ibm" | Storwize Search vendor "Ibm" for product "Storwize" | v7000 Search vendor "Ibm" for product "Storwize" and version "v7000" | 1.3 |
Affected
|
Samba Search vendor "Samba" | Samba Search vendor "Samba" for product "Samba" | 3.6.0 Search vendor "Samba" for product "Samba" and version "3.6.0" | - |
Affected
| in | Ibm Search vendor "Ibm" | Storwize Search vendor "Ibm" for product "Storwize" | v7000 Search vendor "Ibm" for product "Storwize" and version "v7000" | 1.4 |
Affected
|
Samba Search vendor "Samba" | Samba Search vendor "Samba" for product "Samba" | 3.6.1 Search vendor "Samba" for product "Samba" and version "3.6.1" | - |
Affected
| in | Ibm Search vendor "Ibm" | Storwize Search vendor "Ibm" for product "Storwize" | v7000 Search vendor "Ibm" for product "Storwize" and version "v7000" | 1.3 |
Affected
|
Samba Search vendor "Samba" | Samba Search vendor "Samba" for product "Samba" | 3.6.1 Search vendor "Samba" for product "Samba" and version "3.6.1" | - |
Affected
| in | Ibm Search vendor "Ibm" | Storwize Search vendor "Ibm" for product "Storwize" | v7000 Search vendor "Ibm" for product "Storwize" and version "v7000" | 1.4 |
Affected
|
Samba Search vendor "Samba" | Samba Search vendor "Samba" for product "Samba" | 3.6.2 Search vendor "Samba" for product "Samba" and version "3.6.2" | - |
Affected
| in | Ibm Search vendor "Ibm" | Storwize Search vendor "Ibm" for product "Storwize" | v7000 Search vendor "Ibm" for product "Storwize" and version "v7000" | 1.3 |
Affected
|
Samba Search vendor "Samba" | Samba Search vendor "Samba" for product "Samba" | 3.6.2 Search vendor "Samba" for product "Samba" and version "3.6.2" | - |
Affected
| in | Ibm Search vendor "Ibm" | Storwize Search vendor "Ibm" for product "Storwize" | v7000 Search vendor "Ibm" for product "Storwize" and version "v7000" | 1.4 |
Affected
|
Samba Search vendor "Samba" | Samba Search vendor "Samba" for product "Samba" | 3.6.3 Search vendor "Samba" for product "Samba" and version "3.6.3" | - |
Affected
| in | Ibm Search vendor "Ibm" | Storwize Search vendor "Ibm" for product "Storwize" | v7000 Search vendor "Ibm" for product "Storwize" and version "v7000" | 1.3 |
Affected
|
Samba Search vendor "Samba" | Samba Search vendor "Samba" for product "Samba" | 3.6.3 Search vendor "Samba" for product "Samba" and version "3.6.3" | - |
Affected
| in | Ibm Search vendor "Ibm" | Storwize Search vendor "Ibm" for product "Storwize" | v7000 Search vendor "Ibm" for product "Storwize" and version "v7000" | 1.4 |
Affected
|
Samba Search vendor "Samba" | Samba Search vendor "Samba" for product "Samba" | 3.6.4 Search vendor "Samba" for product "Samba" and version "3.6.4" | - |
Affected
| in | Ibm Search vendor "Ibm" | Storwize Search vendor "Ibm" for product "Storwize" | v7000 Search vendor "Ibm" for product "Storwize" and version "v7000" | 1.3 |
Affected
|
Samba Search vendor "Samba" | Samba Search vendor "Samba" for product "Samba" | 3.6.4 Search vendor "Samba" for product "Samba" and version "3.6.4" | - |
Affected
| in | Ibm Search vendor "Ibm" | Storwize Search vendor "Ibm" for product "Storwize" | v7000 Search vendor "Ibm" for product "Storwize" and version "v7000" | 1.4 |
Affected
|
Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 12.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "12.04" | lts |
Affected
|