GSD-2013-0454
Vulnerability from gsd - Updated: 2023-12-13 01:22Details
The SMB2 implementation in Samba 3.6.x before 3.6.6, as used on the IBM Storwize V7000 Unified 1.3 before 1.3.2.3 and 1.4 before 1.4.0.1 and possibly other products, does not properly enforce CIFS share attributes, which allows remote authenticated users to (1) write to a read-only share; (2) trigger data-integrity problems related to the oplock, locking, coherency, or leases attribute; or (3) have an unspecified impact by leveraging incorrect handling of the browseable or "hide unreadable" parameter.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2013-0454",
"description": "The SMB2 implementation in Samba 3.6.x before 3.6.6, as used on the IBM Storwize V7000 Unified 1.3 before 1.3.2.3 and 1.4 before 1.4.0.1 and possibly other products, does not properly enforce CIFS share attributes, which allows remote authenticated users to (1) write to a read-only share; (2) trigger data-integrity problems related to the oplock, locking, coherency, or leases attribute; or (3) have an unspecified impact by leveraging incorrect handling of the browseable or \"hide unreadable\" parameter.",
"id": "GSD-2013-0454",
"references": [
"https://www.suse.com/security/cve/CVE-2013-0454.html"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2013-0454"
],
"details": "The SMB2 implementation in Samba 3.6.x before 3.6.6, as used on the IBM Storwize V7000 Unified 1.3 before 1.3.2.3 and 1.4 before 1.4.0.1 and possibly other products, does not properly enforce CIFS share attributes, which allows remote authenticated users to (1) write to a read-only share; (2) trigger data-integrity problems related to the oplock, locking, coherency, or leases attribute; or (3) have an unspecified impact by leveraging incorrect handling of the browseable or \"hide unreadable\" parameter.",
"id": "GSD-2013-0454",
"modified": "2023-12-13T01:22:15.275149Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2013-0454",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The SMB2 implementation in Samba 3.6.x before 3.6.6, as used on the IBM Storwize V7000 Unified 1.3 before 1.3.2.3 and 1.4 before 1.4.0.1 and possibly other products, does not properly enforce CIFS share attributes, which allows remote authenticated users to (1) write to a read-only share; (2) trigger data-integrity problems related to the oplock, locking, coherency, or leases attribute; or (3) have an unspecified impact by leveraging incorrect handling of the browseable or \"hide unreadable\" parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "storwize-cifs-incorrect-permissions(80970)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80970"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=928419",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=928419"
},
{
"name": "USN-1802-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1802-1"
},
{
"name": "http://www.ibm.com/support/docview.wss?uid=ssg1S1004289",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=ssg1S1004289"
},
{
"name": "https://www.samba.org/samba/security/CVE-2013-0454",
"refsource": "CONFIRM",
"url": "https://www.samba.org/samba/security/CVE-2013-0454"
},
{
"name": "https://bugzilla.samba.org/show_bug.cgi?id=8738",
"refsource": "MISC",
"url": "https://bugzilla.samba.org/show_bug.cgi?id=8738"
},
{
"name": "[samba-announce] 20120625 [Announce] Samba 3.6.6 Available for Download",
"refsource": "MLIST",
"url": "https://lists.samba.org/archive/samba-announce/2012/000259.html"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:12.04:-:lts:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:samba:samba:3.6.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:samba:samba:3.6.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:samba:samba:3.6.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:samba:samba:3.6.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "3.6.5",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:samba:samba:3.6.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:ibm:storwize:v7000:1.4:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ibm:storwize:v7000:1.3:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2013-0454"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "The SMB2 implementation in Samba 3.6.x before 3.6.6, as used on the IBM Storwize V7000 Unified 1.3 before 1.3.2.3 and 1.4 before 1.4.0.1 and possibly other products, does not properly enforce CIFS share attributes, which allows remote authenticated users to (1) write to a read-only share; (2) trigger data-integrity problems related to the oplock, locking, coherency, or leases attribute; or (3) have an unspecified impact by leveraging incorrect handling of the browseable or \"hide unreadable\" parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.ibm.com/support/docview.wss?uid=ssg1S1004289",
"refsource": "CONFIRM",
"tags": [
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/docview.wss?uid=ssg1S1004289"
},
{
"name": "[samba-announce] 20120625 [Announce] Samba 3.6.6 Available for Download",
"refsource": "MLIST",
"tags": [],
"url": "https://lists.samba.org/archive/samba-announce/2012/000259.html"
},
{
"name": "https://bugzilla.samba.org/show_bug.cgi?id=8738",
"refsource": "MISC",
"tags": [],
"url": "https://bugzilla.samba.org/show_bug.cgi?id=8738"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=928419",
"refsource": "CONFIRM",
"tags": [],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=928419"
},
{
"name": "https://www.samba.org/samba/security/CVE-2013-0454",
"refsource": "CONFIRM",
"tags": [
"Vendor Advisory"
],
"url": "https://www.samba.org/samba/security/CVE-2013-0454"
},
{
"name": "USN-1802-1",
"refsource": "UBUNTU",
"tags": [
"Vendor Advisory"
],
"url": "http://www.ubuntu.com/usn/USN-1802-1"
},
{
"name": "storwize-cifs-incorrect-permissions(80970)",
"refsource": "XF",
"tags": [],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80970"
}
]
}
},
"impact": {
"baseMetricV2": {
"cvssV2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": false
}
},
"lastModifiedDate": "2017-08-29T01:33Z",
"publishedDate": "2013-03-26T21:55Z"
}
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…