CVE-2023-4091

Published: Nov 3, 2023Modified: Nov 21, 2024

6.5

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Exploitability: 2.8 / Impact: 3.6

Source: NVD

Description

A vulnerability was discovered in Samba, where the flaw allows SMB clients to truncate files, even with read-only permissions when the Samba VFS module "acl_xattr" is configured with "acl_xattr:ignore system acls = yes". The SMB protocol allows opening files when the client requests read-only access but then implicitly truncates the opened file to 0 bytes if the client specifies a separate OVERWRITE create disposition request. The issue arises in configurations that bypass kernel file system permissions checks, relying solely on Samba's permissions.

Affected (7)

Products: Samba: Samba · Fedoraproject: Fedora · Redhat: Enterprise Linux, Enterprise Linux Eus, Storage

1 product

1 product

3 products

Enterprise Linux

Enterprise Linux Eus

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Samba Samba	Before 4.17.12
Samba Samba	From 4.18.0 to 4.18.8
Samba Samba	From 4.19.0 to 4.19.1

Configuration B

1 vulnerable

Vulnerable Software	Affected Versions
Fedoraproject Fedora	Version 39

Configuration C

3 vulnerable

Vulnerable Software	Affected Versions
Redhat Enterprise Linux	Version 8.0
Redhat Enterprise Linux Eus	Version 9.0
Redhat Storage	Version 3.0

Related CWEs

Incorrect Default Permissions

During installation, installed file permissions are set to allow anyone to modify those files.

References (23)

https://access.redhat.com/errata/RHSA-2023:6209

Source: secalert@redhat.com

Third Party Advisory

https://access.redhat.com/errata/RHSA-2023:6744

Source: secalert@redhat.com

Third Party Advisory

https://access.redhat.com/errata/RHSA-2023:7371

Source: secalert@redhat.com

https://access.redhat.com/errata/RHSA-2023:7408

Source: secalert@redhat.com

https://access.redhat.com/errata/RHSA-2023:7464

Source: secalert@redhat.com

https://access.redhat.com/errata/RHSA-2023:7467

Source: secalert@redhat.com

https://access.redhat.com/security/cve/CVE-2023-4091

Source: secalert@redhat.com

Third Party Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=2241882

Source: secalert@redhat.com

Issue Tracking

https://bugzilla.samba.org/show_bug.cgi?id=15439

Source: secalert@redhat.com

Issue Tracking

https://www.samba.org/samba/security/CVE-2023-4091.html

Source: secalert@redhat.com

Vendor Advisory

https://access.redhat.com/errata/RHSA-2023:6209

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://access.redhat.com/errata/RHSA-2023:6744

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://access.redhat.com/errata/RHSA-2023:7371

Source: af854a3a-2127-422b-91ae-364da2661108

https://access.redhat.com/errata/RHSA-2023:7408

Source: af854a3a-2127-422b-91ae-364da2661108

https://access.redhat.com/errata/RHSA-2023:7464

Source: af854a3a-2127-422b-91ae-364da2661108

https://access.redhat.com/errata/RHSA-2023:7467

Source: af854a3a-2127-422b-91ae-364da2661108

https://access.redhat.com/security/cve/CVE-2023-4091

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=2241882

Source: af854a3a-2127-422b-91ae-364da2661108

Issue Tracking

https://bugzilla.samba.org/show_bug.cgi?id=15439

Source: af854a3a-2127-422b-91ae-364da2661108

Issue Tracking

https://lists.debian.org/debian-lts-announce/2024/04/msg00015.html

Source: af854a3a-2127-422b-91ae-364da2661108

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZUMVALLFFDFC53JZMUWA6HPD7HUGAP5I/

Source: af854a3a-2127-422b-91ae-364da2661108

https://security.netapp.com/advisory/ntap-20231124-0002/

Source: af854a3a-2127-422b-91ae-364da2661108

https://www.samba.org/samba/security/CVE-2023-4091.html

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.