MEDIUM · 4.0

CVE-2013-0454


Vulnerability Description

The SMB2 implementation in Samba 3.6.x before 3.6.6, as used on the IBM Storwize V7000 Unified 1.3 before 1.3.2.3 and 1.4 before 1.4.0.1 and possibly other products, does not properly enforce CIFS share attributes, which allows remote authenticated users to (1) write to a read-only share; (2) trigger data-integrity problems related to the oplock, locking, coherency, or leases attribute; or (3) have an unspecified impact by leveraging incorrect handling of the browseable or "hide unreadable" parameter.

CVSS Score

Base score: 4.0 (MEDIUM)

Vector: AV:N/AC:L/Au:S/C:N/I:P/A:N

Confidentiality: NONE
Integrity: PARTIAL
Availability: NONE

Affected Products

| Vendor | Product | Versions |
|---|---|---|
| Canonical | Ubuntu Linux | 12.04 |
| Samba | Samba | <= 3.6.5 |
| IBM | Storwize | v7000 |

Related Weaknesses (CWE)

References

FAQ

What is CVE-2013-0454?

CVE-2013-0454 is a vulnerability with a CVSS score of 4.0 (MEDIUM). The SMB2 implementation in Samba 3.6.x before 3.6.6, as used on the IBM Storwize V7000 Unified 1.3 before 1.3.2.3 and 1.4 before 1.4.0.1 and possibly other products, does not properly enforce CIFS share attributes.

How severe is CVE-2013-0454?

CVE-2013-0454 has been rated MEDIUM with a CVSS base score of 4.0/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2013-0454?

Check the references section above for vendor advisories and patch information. Affected products include: Canonical Ubuntu Linux, Samba Samba, IBM Storwize.