6.5

CVE-2023-4091

Samba: smb clients can truncate files with read-only permissions

A vulnerability was discovered in Samba, where the flaw allows SMB clients to truncate files, even with read-only permissions when the Samba VFS module "acl_xattr" is configured with "acl_xattr:ignore system acls = yes". The SMB protocol allows opening files when the client requests read-only access but then implicitly truncates the opened file to 0 bytes if the client specifies a separate OVERWRITE create disposition request. The issue arises in configurations that bypass kernel file system permissions checks, relying solely on Samba's permissions.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
SambaSamba Version < 4.17.12
SambaSamba Version >= 4.18.0 < 4.18.8
SambaSamba Version >= 4.19.0 < 4.19.1
FedoraprojectFedora Version39
RedhatStorage Version3.0
RedhatEnterprise Linux Version8.0
RedhatEnterprise Linux Eus Version9.0
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.17% 0.634
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.5 2.8 3.6
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
secalert@redhat.com 6.5 2.8 3.6
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
CWE-276 Incorrect Default Permissions

During installation, installed file permissions are set to allow anyone to modify those files.

https://lists.debian.org/debian-lts-announce/2024/04/msg00015.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZUMVALLFFDFC53JZMUWA6HPD7HUGAP5I/
https://security.netapp.com/advisory/ntap-20231124-0002/
https://access.redhat.com/errata/RHSA-2023:6209
Third Party Advisory
https://access.redhat.com/errata/RHSA-2023:6744
Third Party Advisory
https://access.redhat.com/errata/RHSA-2023:7371
https://access.redhat.com/errata/RHSA-2023:7408
https://access.redhat.com/errata/RHSA-2023:7464
https://access.redhat.com/errata/RHSA-2023:7467
https://access.redhat.com/security/cve/CVE-2023-4091
Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2241882
Issue Tracking
https://bugzilla.samba.org/show_bug.cgi?id=15439
Issue Tracking
https://www.samba.org/samba/security/CVE-2023-4091.html
Vendor Advisory