<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<title>Samba - Security Announcement Archive</title>
<H2>CVE-2013-0454.html:</H2>
===========================================================
== Subject:  A writable configured share might get read only
== CVE ID#:  CVE-2013-0454
== Versions: Samba 3.6.0 - 3.6.5 (inclusive)
== Summary:  A share configuration 'read only = no' might result
==           in 'read only = yes'
===========================================================
Due to an assignment vs equality bug a share reference might get
overwritten. This can lead to 'read only = no' from another share
leaking into a 'read only = yes' share for subsequent connections. This
is a re-evaluation of an already fixed bug.
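The bug class described above, as an added example that is not Samba's code: a constructed C model of a per-session cache in which `=` is written where `==` was meant, next to the corrected comparison. The struct, function and share names are assumptions made for illustration only.

```c
#include <stdbool.h>
#include <stdio.h>

/* Constructed model, not Samba source. */
struct share { const char *name; bool read_only; };

/* Cached result of the last access check done for one session. */
struct cache_slot { const struct share *share; bool read_only; };

typedef bool (*lookup_fn)(struct cache_slot *, const struct share *);

/* Re-evaluate the share's own setting and remember it. */
static bool refresh(struct cache_slot *slot, const struct share *req)
{
    slot->share = req;
    slot->read_only = req->read_only;
    return slot->read_only;
}

/* BUG: '=' overwrites the cached share reference and is true for any
 * non-NULL req, so the value cached for the previous share is reused.
 * The doubled parentheses only keep this demo free of warnings; with
 * single parentheses GCC and Clang flag it under -Wall (-Wparentheses). */
static bool lookup_buggy(struct cache_slot *slot, const struct share *req)
{
    if ((slot->share = req))
        return slot->read_only;
    return refresh(slot, req);
}

/* Fixed: reuse the cached value only when it belongs to the same share. */
static bool lookup_fixed(struct cache_slot *slot, const struct share *req)
{
    if (slot->share == req)
        return slot->read_only;
    return refresh(slot, req);
}

/* Connect to a writable share, then to a read-only one; return the
 * read_only value that is applied to the second connection. */
static bool second_connection_read_only(lookup_fn lookup)
{
    static const struct share scratch = { "scratch", false }; /* read only = no  */
    static const struct share archive = { "archive", true };  /* read only = yes */
    struct cache_slot slot = { NULL, false };
    refresh(&slot, &scratch);
    return lookup(&slot, &archive);
}

int main(void)
{
    printf("buggy: read only = %s\n", second_connection_read_only(lookup_buggy) ? "yes" : "no");
    printf("fixed: read only = %s\n", second_connection_read_only(lookup_fixed) ? "yes" : "no");
    return 0;
}
```

Building with `-Wall -Werror` and writing the condition without the extra parentheses turns this class of mistake into a compile failure.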
Update to 3.6.6 or higher, or apply the following patch:
http://ftp.samba.org/pub/samba/patches/security/samba-3.6-CVE-2013-0454.patch

The file samba-3.6-CVE-2013-0454.patch.asc from the same directory
allows gpg verification as described in the general download
description at https://www.samba.org/samba/download/
The release of this information was driven by Ulf Troppens of IBM

The required patch was written by Michael Adam on the 1st of February 2013.
==========================================================
== Our Code, Our Bugs, Our Responsibility.
==========================================================