NEWS[4.17.0rc4]: Samba 4.17.0rc4 Available for Download

[samba-web.git] / security / CVE-2013-0454.html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
    "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">

<head>
<title>Samba - Security Announcement Archive</title>
</head>

<body>

   <H2>CVE-2013-0454.html:</H2>

<p>
<pre>
===========================================================
== Subject:     A writable configured share might get read only
==
== CVE ID#:     CVE-2013-0454
==
== Versions:    Samba 3.6.0 - 3.6.5 (inclusive)
==
== Summary:     A share configuration 'read only = no' might result
==              in 'read only = yes'
==
===========================================================

===========
Description
===========

Due to a assignment vs equality bug a share reference might get
overwritten.  This can lead to 'read only = no' from another share to
leak into a 'read only = yes' share for a subsequent connections. This
is a re-evaluation of an already fixed bug.

==========
Workaround
==========

Update to 3.6.6 and higher or apply the following patch
http://ftp.samba.org/pub/samba/patches/security/samba-3.6-CVE-2013-0454.patch

The file samba-3.6-CVE-2013-0454.patch.asc from the same directory
allows gpg verification as described in the general download
description at https://www.samba.org/samba/download/

==================
Patch Availability
==================

See above.

=======
Credits
=======

The release of this information was driven by Ulf Troppens of IBM
February, 19th 2013.

The required patch got written by Michael Adam 1st of February 2013.

==========================================================
== Our Code, Our Bugs, Our Responsibility.
== The Samba Team
==========================================================
</pre>
</body>
</html>