CVSS2
Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: SINGLE
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE
AV:N/AC:L/Au:S/C:N/I:P/A:N
EPSS
Percentile: 52.3%
Due to an assignment vs. equality bug, a share reference might get
overwritten. This can lead to 'read only = no' from another share
leaking into a 'read only = yes' share for subsequent connections. This
is a re-evaluation of an already fixed bug.
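
The bug class described above, as an added example that is not Samba's code and not part of the advisory: a single `=` typed for `==` rebinds a connection from a read-only share to a writable one, shown beside the corrected comparison. The `struct conn`, `snum`, `shares[]` and all function names are hypothetical.

```c
#include <stdbool.h>
#include <stdio.h>

/* Hypothetical, simplified model for illustration; not Samba source code. */
struct share { const char *name; bool read_only; };
struct conn  { int snum; };        /* index of the share this connection refers to */

static const struct share shares[] = {
    { "public",  false },          /* read only = no  */
    { "archive", true  },          /* read only = yes */
};

/* Buggy: '=' assigns, so the share reference is overwritten with the share
 * it was only meant to be compared against. The doubled parentheses keep the
 * example warning-free; with a single pair, gcc and clang flag it under -Wall. */
static bool conn_uses_share_buggy(struct conn *c, int snum)
{
    if ((c->snum = snum))          /* meant: c->snum == snum */
        return true;
    return false;
}

/* Fixed: '==' only reads; the const pointer turns an accidental '=' into a compile error. */
static bool conn_uses_share_fixed(const struct conn *c, int snum)
{
    return c->snum == snum;
}

/* Access decision taken from whatever share the connection now refers to. */
static bool may_write(const struct conn *c)
{
    return !shares[c->snum].read_only;
}

/* Connect to the read-only share, run one comparison against the writable
 * share, then report whether a write would be permitted. */
static bool write_allowed_after_check(bool use_fixed)
{
    struct conn c = { .snum = 1 }; /* connected to "archive" */
    (void)(use_fixed ? conn_uses_share_fixed(&c, 0) : conn_uses_share_buggy(&c, 0));
    return may_write(&c);
}

int main(void)
{
    printf("buggy: write allowed = %d\n", write_allowed_after_check(false));
    printf("fixed: write allowed = %d\n", write_allowed_after_check(true));
    return 0;
}
```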
Update to 3.6.6 or higher, or apply the following patch:
http://ftp.samba.org/pub/samba/patches/security/samba-3.6-CVE-2013-0454.patch
The file samba-3.6-CVE-2013-0454.patch.asc from the same directory
allows gpg verification as described in the general download
description at https://www.samba.org/samba/download/
See above.
The release of this information was driven by Ulf Troppens of IBM on
February 19th, 2013.
The required patch was written by Michael Adam on the 1st of February 2013.
== Our Code, Our Bugs, Our Responsibility.
== The Samba Team