CVE-2023-3961

CWE-22 — Path Traversal7 documents7 sources

Severity

9.8CRITICAL

EPSS

1.9%

top 16.57%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Samba Samba Fedoraproject Fedora Redhat Enterprise Linux +2 more

Timeline

PublishedNov 3

Latest updateJan 15

Description

A path traversal vulnerability was identified in Samba when processing client pipe names connecting to Unix domain sockets within a private directory. Samba typically uses this mechanism to connect SMB clients to remote procedure call (RPC) services like SAMR LSA or SPOOLSS, which Samba initiates on demand. However, due to inadequate sanitization of incoming client pipe names, allowing a client to send a pipe name containing Unix directory traversal characters (../). This could result in SMB cli…

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:HExploitability: 3.9 | Impact: 5.2

Affected Packages3 packages

▶NVDsamba/samba4.18.0 — 4.18.8+2

▶Debiansamba< 2:4.17.12+dfsg-0+deb12u1+2

▶NVDredhat/storage3.0

Also affects: Fedora 39, Enterprise Linux 8.0, 9.0

🔴Vulnerability Details

CVEList

Samba: smbd allows client access to unix domain sockets on the file system as root↗2023-11-03

▶

GHSA

GHSA-8m6h-6qw7-f6cg: A path traversal vulnerability was identified in Samba when processing client pipe names connecting to Unix domain sockets within a private directory↗2023-11-03

▶

OSV

CVE-2023-3961: A path traversal vulnerability was identified in Samba when processing client pipe names connecting to Unix domain sockets within a private directory↗2023-11-03

▶

📋Vendor Advisories

Oracle

Oracle Oracle JD Edwards Risk Matrix: E1 Dev Platform Tech - Cloud (Samba) — CVE-2023-3961↗2025-01-15

▶

Red Hat

samba: smbd allows client access to unix domain sockets on the file system as root↗2023-10-10

▶

Debian

CVE-2023-3961: samba - A path traversal vulnerability was identified in Samba when processing client pi...↗2023

▶