===========================================================
== Subject:     A writable configured share might get read only
==
== CVE ID#:     CVE-2013-0454
==
== Versions:    Samba 3.6.0 - 3.6.5 (inclusive)
==
== Summary:     A share configuration 'read only = no' might result
==              in 'read only = yes'
==
===========================================================

===========
Description
===========

Due to an assignment vs equality bug a share reference might get
overwritten. This can lead to 'read only = no' from another share
leaking into a 'read only = yes' share for subsequent connections.

This is a re-evaluation of an already fixed bug.

==========
Workaround
==========

Update to 3.6.6 or higher, or apply the following patch:

http://ftp.samba.org/pub/samba/patches/security/samba-3.6-CVE-2013-0454.patch

The file samba-3.6-CVE-2013-0454.patch.asc from the same directory
allows gpg verification as described in the general download
description at https://www.samba.org/samba/download/

==================
Patch Availability
==================

See above.

=======
Credits
=======

The release of this information was driven by Ulf Troppens of IBM,
February 19th 2013. The required patch was written by Michael Adam
on the 1st of February 2013.

==========================================================
== Our Code, Our Bugs, Our Responsibility.
== The Samba Team
==========================================================
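
The bug class named in the Description, as an added illustration that is not Samba's code and not the contents of the patch: a comparison written with '=' overwrites a connection's share reference, so the 'read only' setting of another share is used afterwards. All struct, function and share names here are hypothetical.

```c
#include <stdbool.h>
#include <stdio.h>

/* Constructed model of the bug class; none of these names are Samba's. */
struct share { const char *name; bool read_only; };
struct conn  { const struct share *share; };   /* share this connection uses */

static const struct share shares[] = {
    { "public",  true  },   /* read only = yes */
    { "scratch", false },   /* read only = no  */
};

/* Intended as a pure comparison. The '=' stores 'other' into the connection,
 * so the reference is overwritten. The extra parentheses silence the
 * -Wparentheses warning that would otherwise flag this line. */
static bool uses_share_buggy(struct conn *c, const struct share *other)
{
    if ((c->share = other))
        return true;
    return false;
}

/* Corrected form: '==' compares, and the const-qualified connection makes
 * an accidental assignment a compile error. */
static bool uses_share_fixed(const struct conn *c, const struct share *other)
{
    return c->share == other;
}

/* Connect to the read-only share, run the check against the writable one,
 * then report whether a write on this connection would be permitted. */
static bool write_allowed_after_check(bool use_buggy)
{
    struct conn c = { &shares[0] };
    if (use_buggy)
        (void)uses_share_buggy(&c, &shares[1]);
    else
        (void)uses_share_fixed(&c, &shares[1]);
    return !c.share->read_only;   /* decision follows the current reference */
}

int main(void)
{
    printf("buggy: %d, fixed: %d\n",
           write_allowed_after_check(true), write_allowed_after_check(false));
    return 0;
}
```

Building with -Wall -Werror and passing state through const-qualified pointers wherever a function only needs to read it turns this mistake into a build failure.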