Lucene search

[email protected]CVE-2023-4091

HistoryNov 03, 2023 - 8:15 a.m.

CVE-2023-4091

2023-11-0308:15:08

CWE-276

[email protected]

web.nvd.nist.gov

468

samba

cve

vulnerability

smb

truncate

files

read-only

permissions

acl_xattr

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

AI Score

6.2

Confidence

High

EPSS

0.002

Percentile

51.9%

JSON

A vulnerability was discovered in Samba, where the flaw allows SMB clients to truncate files, even with read-only permissions when the Samba VFS module “acl_xattr” is configured with “acl_xattr:ignore system acls = yes”. The SMB protocol allows opening files when the client requests read-only access but then implicitly truncates the opened file to 0 bytes if the client specifies a separate OVERWRITE create disposition request. The issue arises in configurations that bypass kernel file system permissions checks, relying solely on Samba’s permissions.

Affected configurations

NVD

Node

sambasambaRange<4.17.12

sambasambaRange4.18.0–4.18.8

sambasambaRange4.19.0–4.19.1

Node

fedoraprojectfedoraMatch39

Node

redhatstorageMatch3.0

redhatenterprise_linuxMatch8.0

redhatenterprise_linux_eusMatch9.0

CNA Affected

[
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 8",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "samba",
    "defaultStatus": "affected",
    "versions": [
      {
        "version": "0:4.18.6-2.el8_9",
        "lessThan": "*",
        "versionType": "rpm",
        "status": "unaffected"
      }
    ],
    "cpes": [
      "cpe:/a:redhat:enterprise_linux:8::appstream",
      "cpe:/a:redhat:enterprise_linux:8::crb",
      "cpe:/o:redhat:enterprise_linux:8::baseos"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 8",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "samba",
    "defaultStatus": "affected",
    "versions": [
      {
        "version": "0:4.18.6-2.el8_9",
        "lessThan": "*",
        "versionType": "rpm",
        "status": "unaffected"
      }
    ],
    "cpes": [
      "cpe:/a:redhat:enterprise_linux:8::appstream",
      "cpe:/a:redhat:enterprise_linux:8::crb",
      "cpe:/o:redhat:enterprise_linux:8::baseos"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 8.6 Extended Update Support",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "samba",
    "defaultStatus": "affected",
    "versions": [
      {
        "version": "0:4.15.5-13.el8_6",
        "lessThan": "*",
        "versionType": "rpm",
        "status": "unaffected"
      }
    ],
    "cpes": [
      "cpe:/o:redhat:rhev_hypervisor:4.4::el8",
      "cpe:/a:redhat:rhel_eus:8.6::appstream",
      "cpe:/a:redhat:rhel_eus:8.6::crb",
      "cpe:/o:redhat:rhel_eus:8.6::baseos"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 8.8 Extended Update Support",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "samba",
    "defaultStatus": "affected",
    "versions": [
      {
        "version": "0:4.17.5-4.el8_8",
        "lessThan": "*",
        "versionType": "rpm",
        "status": "unaffected"
      }
    ],
    "cpes": [
      "cpe:/a:redhat:rhel_eus:8.8::crb",
      "cpe:/a:redhat:rhel_eus:8.8::appstream",
      "cpe:/o:redhat:rhel_eus:8.8::baseos"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 9",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "samba",
    "defaultStatus": "affected",
    "versions": [
      {
        "version": "0:4.18.6-101.el9_3",
        "lessThan": "*",
        "versionType": "rpm",
        "status": "unaffected"
      }
    ],
    "cpes": [
      "cpe:/a:redhat:enterprise_linux:9::crb",
      "cpe:/o:redhat:enterprise_linux:9::baseos",
      "cpe:/a:redhat:enterprise_linux:9::appstream",
      "cpe:/a:redhat:enterprise_linux:9::resilientstorage"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 9",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "samba",
    "defaultStatus": "affected",
    "versions": [
      {
        "version": "0:4.18.6-101.el9_3",
        "lessThan": "*",
        "versionType": "rpm",
        "status": "unaffected"
      }
    ],
    "cpes": [
      "cpe:/a:redhat:enterprise_linux:9::crb",
      "cpe:/o:redhat:enterprise_linux:9::baseos",
      "cpe:/a:redhat:enterprise_linux:9::appstream",
      "cpe:/a:redhat:enterprise_linux:9::resilientstorage"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 9.0 Extended Update Support",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "samba",
    "defaultStatus": "affected",
    "versions": [
      {
        "version": "0:4.15.5-111.el9_0",
        "lessThan": "*",
        "versionType": "rpm",
        "status": "unaffected"
      }
    ],
    "cpes": [
      "cpe:/a:redhat:rhel_eus:9.0::crb",
      "cpe:/a:redhat:rhel_eus:9.0::appstream",
      "cpe:/a:redhat:rhel_eus:9.0::resilientstorage",
      "cpe:/o:redhat:rhel_eus:9.0::baseos"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 9.2 Extended Update Support",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "samba",
    "defaultStatus": "affected",
    "versions": [
      {
        "version": "0:4.17.5-104.el9_2",
        "lessThan": "*",
        "versionType": "rpm",
        "status": "unaffected"
      }
    ],
    "cpes": [
      "cpe:/o:redhat:rhel_eus:9.2::baseos",
      "cpe:/a:redhat:rhel_eus:9.2::appstream",
      "cpe:/a:redhat:rhel_eus:9.2::resilientstorage",
      "cpe:/a:redhat:rhel_eus:9.2::crb"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Virtualization 4 for Red Hat Enterprise Linux 8",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "samba",
    "defaultStatus": "affected",
    "versions": [
      {
        "version": "0:4.15.5-13.el8_6",
        "lessThan": "*",
        "versionType": "rpm",
        "status": "unaffected"
      }
    ],
    "cpes": [
      "cpe:/o:redhat:rhev_hypervisor:4.4::el8",
      "cpe:/a:redhat:rhel_eus:8.6::appstream",
      "cpe:/a:redhat:rhel_eus:8.6::crb",
      "cpe:/o:redhat:rhel_eus:8.6::baseos"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 6",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "samba",
    "defaultStatus": "unknown",
    "cpes": [
      "cpe:/o:redhat:enterprise_linux:6"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 6",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "samba4",
    "defaultStatus": "unknown",
    "cpes": [
      "cpe:/o:redhat:enterprise_linux:6"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 7",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "samba",
    "defaultStatus": "unknown",
    "cpes": [
      "cpe:/o:redhat:enterprise_linux:7"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Storage 3",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "samba",
    "defaultStatus": "affected",
    "cpes": [
      "cpe:/a:redhat:storage:3"
    ]
  }
]