Vulnerability Details: CVE-2013-0454
The SMB2 implementation in Samba 3.6.x before 3.6.6, as used on the IBM Storwize V7000 Unified 1.3 before 1.3.2.3 and 1.4 before 1.4.0.1 and possibly other products, does not properly enforce CIFS share attributes, which allows remote authenticated users to (1) write to a read-only share; (2) trigger data-integrity problems related to the oplock, locking, coherency, or leases attribute; or (3) have an unspecified impact by leveraging incorrect handling of the browseable or "hide unreadable" parameter.
Products affected by CVE-2013-0454
- cpe:2.3:a:ibm:storwize:v7000:1.4:*:*:*:*:*:*
- cpe:2.3:a:ibm:storwize:v7000:1.3:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.6.0:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.6.1:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.6.2:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.6.3:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.6.4:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:12.04:-:lts:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2013-0454
- EPSS score: 0.16% (probability of exploitation activity in the next 30 days)
- Percentile: ~51% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2013-0454
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.0 | MEDIUM | AV:N/AC:L/Au:S/C:N/I:P/A:N | 8.0 | 2.9 | NIST | |
CWE ids for CVE-2013-0454
- Assigned by: nvd@nist.gov (Primary)
References for CVE-2013-0454
- https://lists.samba.org/archive/samba-announce/2012/000259.html
  [Announce] Samba 3.6.6 Available for Download
- https://www.samba.org/samba/security/CVE-2013-0454
  Samba - Security Announcement Archive (Vendor Advisory)
- https://bugzilla.samba.org/show_bug.cgi?id=8738
- http://www.ubuntu.com/usn/USN-1802-1
  USN-1802-1: Samba vulnerability | Ubuntu security notices (Vendor Advisory)
- https://exchange.xforce.ibmcloud.com/vulnerabilities/80970
  IBM Storwize V7000 Unified CIFS options incorrect permissions CVE-2013-0454 Vulnerability Report
- http://www.ibm.com/support/docview.wss?uid=ssg1S1004289
  IBM Security Bulletin: Storwize V7000 Unified Fix Available for CIFS Attribute Vulnerability (CVE-2013-0454) (Vendor Advisory)
- https://bugzilla.redhat.com/show_bug.cgi?id=928419
  928419 – (CVE-2013-0454) CVE-2013-0454 samba: the SMB2 server does not release unused shares