Common Vulnerabilities and Exposures assigned an identifier CVE-2013-0454 to the following vulnerability:

Name: CVE-2013-0454
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0454
Assigned: 20121216
Reference: https://lists.samba.org/archive/samba-announce/2012/000259.html
Reference: https://bugzilla.samba.org/show_bug.cgi?id=8738
Reference: http://www.ibm.com/support/docview.wss?uid=ssg1S1004289
Reference: http://xforce.iss.net/xforce/xfdb/80970

Samba before 3.6.6, as used on the IBM Storwize V7000 Unified 1.3 before 1.3.2.3 and 1.4 before 1.4.0.1 and possibly other products, does not properly enforce CIFS share attributes, which allows remote authenticated users to (1) write to a read-only share; (2) trigger data-integrity problems related to the oplock, locking, coherency, or leases attribute; or (3) have an unspecified impact by leveraging incorrect handling of the browseable or "hide unreadable" parameter.
Statement: Not vulnerable. This issue did not affect the versions of samba as shipped with Red Hat Enterprise Linux 5 as they did not provide support for SMB2. This issue did not affect the versions of samba3x and samba as shipped with Red Hat Enterprise Linux 6 as they ship newer versions that do not include the vulnerable code.
To clarify, the SMB2 support was added in 3.6.0:

http://wiki.samba.org/index.php/Samba_3.6_Features_added/changed#SMB2_support

So only versions 3.6.0 through 3.6.5 (fixed in upstream 3.6.6) were affected by this issue.
This did not ever affect samba3x in Red Hat Enterprise Linux 5 as 5.8 provided 3.5.10 and it was updated to 3.6.6 via RHBA-2013:0064. Likewise this did not ever affect samba in Red Hat Enterprise Linux 6 as 6.3 provided 3.5.10 and it was updated to 3.6.9 via RHBA-2013:0338.
External References: https://www.samba.org/samba/security/CVE-2013-0454