Rapid7 Vulnerability & Exploit Database

Samba CVE-2013-0454: A writable configured share might get read only

  • Severity: 4
  • CVSS: (AV:N/AC:L/Au:S/C:N/I:P/A:N)
  • Published: 03/26/2013
  • Created: 07/25/2018
  • Added: 11/13/2013
  • Modified: 11/14/2013

Description

The SMB2 implementation in Samba 3.6.x before 3.6.6, as used on the IBM Storwize V7000 Unified 1.3 before 1.3.2.3 and 1.4 before 1.4.0.1 and possibly other products, does not properly enforce CIFS share attributes, which allows remote authenticated users to (1) write to a read-only share; (2) trigger data-integrity problems related to the oplock, locking, coherency, or leases attribute; or (3) have an unspecified impact by leveraging incorrect handling of the browseable or "hide unreadable" parameter.

Solution(s)

  • samba-upgrade-3_6_6
