kernel: smb/client: fix memory leak in smb2_open_file()

A memory leak flaw was found in the Linux kernel's CIFS/SMB client. In the smb2openfile function, request buffers are not properly freed when performing direct I/O writes to a read-only SMB share. This causes slab cache objects to remain allocated, which can prevent the cifs module from unloading...

EUVD-2013-0465

Malware in sbrugna...

CVE-2016-9461

Nextcloud Server before 9.0.52 & ownCloud Server before 9.0.4 are not properly verifying edit check permissions on WebDAV copy actions. The WebDAV endpoint was not properly checking the permission on a WebDAV COPY action. This allowed an authenticated attacker with access to a read-only share to...

Edit permission check not enforced on WebDAV COPY action - ownCloud

The WebDAV endpoint was not properly checking the permission on a WebDAV "COPY" action. This allowed an authenticated attacker with access to a read-only share to put new files in there. It was not possible to modify existing files. Affected Software ownCloud Server 9.0.4 CVE-2016-????...

Server: Edit permission check not enforced on WebDAV COPY action

The WebDAV endpoint was not properly checking the permission on a WebDAV "COPY" action. This allowed an authenticated attacker with access to a read-only share to put new files in there. It was not possible to modify existing files. For more information please consult the official advisory. This...

Edit permission check not enforced on WebDAV COPY action (NC-SA-2016-004)

The WebDAV endpoint was not properly checking the permission on a WebDAV "COPY" action. This allowed an authenticated attacker with access to a read-only share to put new files in there. It was not possible to modify existing files...

Nextcloud: Read-only share recipient can restore old versions of file

The restore capability of Nextcloud was not verifying whether an user has only read-only access to a share. Thus an user with read-only access was able to restore old versions. A detailed advisory can be found at https://nextcloud.com/security/advisory/?id=nc-sa-2016-005. ------ Thanks a lot,...

CVE-2013-0454

The SMB2 implementation in Samba 3.6.x before 3.6.6, as used on the IBM Storwize V7000 Unified 1.3 before 1.3.2.3 and 1.4 before 1.4.0.1 and possibly other products, does not properly enforce CIFS share attributes, which allows remote authenticated users to 1 write to a read-only share; 2 trigger...

DEBIAN-CVE-2013-0454

The SMB2 implementation in Samba 3.6.x before 3.6.6, as used on the IBM Storwize V7000 Unified 1.3 before 1.3.2.3 and 1.4 before 1.4.0.1 and possibly other products, does not properly enforce CIFS share attributes, which allows remote authenticated users to 1 write to a read-only share; 2 trigger...

CVE-2013-1281

The NFS server in Microsoft Windows Server 2008 R2 and R2 SP1 and Server 2012 allows remote attackers to cause a denial of service NULL pointer dereference and reboot via an attempted renaming of a file or folder located on a read-only share, aka "NULL Dereference Vulnerability."...