OpenCVE

A vulnerability was discovered in Samba, where the flaw allows SMB clients to truncate files, even with read-only permissions when the Samba VFS module "acl_xattr" is configured with "acl_xattr:ignore system acls = yes". The SMB protocol allows opening files when the client requests read-only access but then implicitly truncates the opened file to 0 bytes if the client specifies a separate OVERWRITE create disposition request. The issue arises in configurations that bypass kernel file system permissions checks, relying solely on Samba's permissions.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Fedoraproject	Fedora
Redhat	Enterprise Linux Enterprise Linux Eus Rhel Eus Rhev Hypervisor Storage
Samba	Samba

Configuration 1 [-]

OR	cpe:2.3:a:samba:samba::::::::
	cpe:2.3:a:samba:samba::::::::
	cpe:2.3:a:samba:samba::::::::

Configuration 2 [-]

cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*

Configuration 3 [-]

OR	cpe:2.3:a:redhat:storage:3.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux:8.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_eus:9.0:::::::*

Package	CPE	Advisory	Released Date
Red Hat Enterprise Linux 8
samba-0:4.18.6-2.el8_9	cpe:/a:redhat:enterprise_linux:8	RHSA-2023:7467	2023-11-22T00:00:00Z
samba-0:4.18.6-2.el8_9	cpe:/o:redhat:enterprise_linux:8	RHSA-2023:7467	2023-11-22T00:00:00Z
Red Hat Enterprise Linux 8.6 Extended Update Support
samba-0:4.15.5-13.el8_6	cpe:/a:redhat:rhel_eus:8.6	RHSA-2023:7408	2023-11-21T00:00:00Z
Red Hat Enterprise Linux 8.8 Extended Update Support
samba-0:4.17.5-4.el8_8	cpe:/a:redhat:rhel_eus:8.8	RHSA-2023:7464	2023-11-22T00:00:00Z
Red Hat Enterprise Linux 9
samba-0:4.18.6-101.el9_3	cpe:/a:redhat:enterprise_linux:9	RHSA-2023:6744	2023-11-07T00:00:00Z
samba-0:4.18.6-101.el9_3	cpe:/o:redhat:enterprise_linux:9	RHSA-2023:6744	2023-11-07T00:00:00Z
Red Hat Enterprise Linux 9.0 Extended Update Support
samba-0:4.15.5-111.el9_0	cpe:/a:redhat:rhel_eus:9.0	RHSA-2023:6209	2023-10-31T00:00:00Z
Red Hat Enterprise Linux 9.2 Extended Update Support
samba-0:4.17.5-104.el9_2	cpe:/a:redhat:rhel_eus:9.2	RHSA-2023:7371	2023-11-21T00:00:00Z
Red Hat Virtualization 4 for Red Hat Enterprise Linux 8
samba-0:4.15.5-13.el8_6	cpe:/o:redhat:rhev_hypervisor:4.4::el8	RHSA-2023:7408	2023-11-21T00:00:00Z

References

Link	Providers
https://access.redhat.com/errata/RHSA-2023:6209
https://access.redhat.com/errata/RHSA-2023:6744
https://access.redhat.com/errata/RHSA-2023:7371
https://access.redhat.com/errata/RHSA-2023:7408
https://access.redhat.com/errata/RHSA-2023:7464
https://access.redhat.com/errata/RHSA-2023:7467
https://access.redhat.com/security/cve/CVE-2023-4091
https://bugzilla.redhat.com/show_bug.cgi?id=2241882
https://bugzilla.samba.org/show_bug.cgi?id=15439
https://lists.debian.org/debian-lts-announce/2024/04/msg00015.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZUMVALLFFDFC53JZMUWA6HPD7HUGAP5I/
https://nvd.nist.gov/vuln/detail/CVE-2023-4091
https://security.netapp.com/advisory/ntap-20231124-0002/
https://www.cve.org/CVERecord?id=CVE-2023-4091
https://www.samba.org/samba/security/CVE-2023-4091.html

History

No history.

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2023-11-03T07:56:35.611Z

Updated: 2024-09-16T14:31:44.905Z

Reserved: 2023-08-02T09:43:21.439Z

Link: CVE-2023-4091

Vulnrichment

Updated: 2024-08-02T07:17:11.687Z

NVD

Status : Modified

Published: 2023-11-03T08:15:08.197

Modified: 2024-09-16T15:15:15.190

Link: CVE-2023-4091

Redhat

Severity : Moderate

Publid Date: 2023-10-10T00:00:00Z

Links: CVE-2023-4091 - Bugzilla

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact None

User Interaction None

Affected Vendors & Products

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact None

User Interaction None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object