You are here

V-127: Samba Bug Lets Remote Authenticated Users Modify Files

April 5, 2013 - 6:00am

Addthis

PROBLEM:

A vulnerability was reported in Samba.

PLATFORM:

The vulnerabilities are reported in version(s): 3.6.0 - 3.6.5

ABSTRACT:

A remote authenticated user can modify files on the target share

REFERENCE LINKS:

SecurityTracker Alert ID: 1028389
Samba Security Announcement
CVE-2013-0454

IMPACT ASSESSMENT:

Medium

DISCUSSION:

A remote authenticated user can perform operations on the target CIFS export that are not permitted by the CIFS share access control settings.  This may include writing to read-only shares.

IMPACT:

Modification of user information

SOLUTION:

Update to 3.6.6 and higher or apply the following patch

Addthis