SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Device (Storage)  >   IBM Storwize Vendors:   IBM
IBM Storwize V7000 Unified Samba Bug Lets Remote Authenticated Users Modify Files
SecurityTracker Alert ID:  1028365
SecurityTracker URL:  http://securitytracker.com/id/1028365
CVE Reference:   CVE-2013-0454   (Links to External Site)
Date:  Mar 28 2013
Impact:   Modification of user information
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): Storwize V7000 Unified ; 1.3.x, 1.4.x
Description:   A vulnerability was reported in IBM Storwize V7000 Unified. A remote authenticated user can modify files on the target share.

A remote authenticated user can exploit a flaw in the Samba implementation to perform operations on the target Storwize V7000 Unified CIFS export that are not permitted by the CIFS share access control settings. This may include writing to read-only shares.

Impact:   A remote authenticated user can modify files on the target share.
Solution:   The vendor has issued a fix (Storwize V7000 Unified 1.3.2.3, 1.4.0.1).

The vendor's advisory is available at:

http://www.ibm.com/support/docview.wss?uid=ssg1S1004289

Vendor URL:  www.ibm.com/support/docview.wss?uid=ssg1S1004289 (Links to External Site)
Cause:   Access control error

Message History:   None.


 Source Message Contents



[Original Message Not Available for Viewing]


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2019, SecurityGlobal.net LLC