Description
The SMB2 implementation in Samba 3.6.x before 3.6.6, as used on the IBM Storwize V7000 Unified 1.3 before 1.3.2.3 and 1.4 before 1.4.0.1 and possibly other products, does not properly enforce CIFS share attributes, which allows remote authenticated users to (1) write to a read-only share; (2) trigger data-integrity problems related to the oplock, locking, coherency, or leases attribute; or (3) have an unspecified impact by leveraging incorrect handling of the browseable or "hide unreadable" parameter.
References (7)
Core References
Third Party Advisory, VDB Entry (vdb-entry, x_refsource_xf): https://exchange.xforce.ibmcloud.com/vulnerabilities/80970
Issue Tracking (x_refsource_confirm): https://bugzilla.redhat.com/show_bug.cgi?id=928419
Vendor Advisory (vendor-advisory, x_refsource_ubuntu): http://www.ubuntu.com/usn/USN-1802-1
Vendor Advisory (x_refsource_confirm): http://www.ibm.com/support/docview.wss?uid=ssg1S1004289
Vendor Advisory (x_refsource_confirm): https://www.samba.org/samba/security/CVE-2013-0454
Issue Tracking (x_refsource_misc): https://bugzilla.samba.org/show_bug.cgi?id=8738
Various Sources (mailing-list, x_refsource_mlist): https://lists.samba.org/archive/samba-announce/2012/000259.html
Scores
EPSS: 0.0188
EPSS Percentile: 83.4%
Details
CWE: CWE-264
Status: published
Products (8)
canonical/ubuntu_linux: 12.04
ibm/storwize: v7000 1.3 (2 CPE variants)
samba/samba: 3.6.0
samba/samba: 3.6.1
samba/samba: 3.6.2
samba/samba: 3.6.3
samba/samba: 3.6.4
samba/samba: < 3.6.5
Published: Mar 26, 2013
Tracked Since: Feb 18, 2026