CVE-2023-4091

CWE-276 — Incorrect Default Permissions11 documents7 sources

Severity

6.5MEDIUM

EPSS

0.5%

top 35.12%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Samba Samba Fedoraproject Fedora Redhat Enterprise Linux +2 more

Timeline

PublishedNov 3

Description

A vulnerability was discovered in Samba, where the flaw allows SMB clients to truncate files, even with read-only permissions when the Samba VFS module "acl_xattr" is configured with "acl_xattr:ignore system acls = yes". The SMB protocol allows opening files when the client requests read-only access but then implicitly truncates the opened file to 0 bytes if the client specifies a separate OVERWRITE create disposition request. The issue arises in configurations that bypass kernel file system per…

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages4 packages

▶NVDsamba/samba4.18.0 — 4.18.8+2

▶Debiansamba< 2:4.13.13+dfsg-1~deb11u6+3

▶Ubuntusamba< 2:4.15.13+dfsg-0ubuntu0.20.04.6+2

▶NVDredhat/storage3.0

Also affects: Fedora 39, Enterprise Linux 8.0, 9.0

🔴Vulnerability Details

CVEList

Samba: smb clients can truncate files with read-only permissions↗2023-11-03

▶

GHSA

GHSA-f6jj-3gjw-frjm: A vulnerability was discovered in Samba, where the flaw allows SMB clients to truncate files, even with read-only permissions when the Samba VFS modul↗2023-11-03

▶

OSV

CVE-2023-4091: A vulnerability was discovered in Samba, where the flaw allows SMB clients to truncate files, even with read-only permissions when the Samba VFS modul↗2023-11-03

▶

OSV

samba vulnerabilities↗2023-10-17

▶

OSV

samba regression↗2023-10-11

▶

📋Vendor Advisories

Ubuntu

Samba vulnerabilities↗2023-10-17

▶

Red Hat

samba: SMB clients can truncate files with read-only permissions↗2023-10-10

▶

Ubuntu

Samba vulnerabilities↗2023-10-10

▶

Debian

CVE-2023-4091: samba - A vulnerability was discovered in Samba, where the flaw allows SMB clients to tr...↗2023

▶