Lucene search

K
oraclelinuxOracleLinuxELSA-2023-6744
HistoryNov 16, 2023 - 12:00 a.m.

samba security update

2023-11-1600:00:00
linux.oracle.com
15
samba
security update
4.18.6-101
resolves
cve-2023-3961
pipename
cve-2023-4091
smb clients
truncate files
cve-2023-42669
remove
rpcecho server
unix

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.6

Confidence

High

EPSS

0.002

Percentile

61.9%

[4.18.6-101]

  • resolves: RHEL-11937
    Fix CVE-2023-3961 - smbd must check the pipename
  • resolves: RHEL-11937
    Fix CVE-2023-4091 - SMB clients can truncate files
  • resolves: RHEL-11937
    Fix CVE-2023-42669 - Remove rpcecho server

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.6

Confidence

High

EPSS

0.002

Percentile

61.9%