Impact
A flaw in the Samba printing subsystem allows a remote attacker to inject shell metacharacters through the job description field, leading to remote code execution. The job description is passed to the system’s print command via the "%J" placeholder without proper escaping, creating a command injection vulnerability classified as CWE-78. An attacker who submits a print job containing forged shell characters can cause arbitrary code to execute on the host with the privileges of the Samba service, potentially compromising confidentiality, integrity, and availability of the affected system.
Affected Systems
The vulnerability affects Samba installations on Red Hat Enterprise Linux releases 6, 7, 8, 9, and 10, as well as Red Hat OpenShift Container Platform 4. No specific Samba version numbers are listed, but all affected distributions ship the vulnerable code path.
Risk and Exploitability
The CVSS score of 9 indicates a high severity vulnerability, and the EPSS score of 13% suggests a relatively high likelihood of exploitation. The vulnerability is not listed in the CISA KEV catalog. The likely attack vector is inferred to be network-based: an adversary who can interact with the Samba service (e.g., via SMB) can send a crafted print job to trigger the command injection and achieve code execution on the host as the user running Samba.
OpenCVE Enrichment
Debian DSA
Ubuntu USN