Описание
A flaw was found in the way samba handled file and directory permissions. An authenticated user could use this flaw to gain access to certain file and directory information which otherwise would be unavailable to the attacker.
A flaw was found in the way Samba handled file and directory permissions. This flaw allows an authenticated user to gain access to certain file and directory information, which otherwise would be unavailable. The highest threat from this vulnerability is to confidentiality.
Меры по смягчению последствий
As Samba internally opens an underlying file system handle on a directory when a client requests an open, even for FILE_READ_ATTRIBUTES then if the underlying file system permissions don't allow "r" (read) access for the connected user, then the handle open request will be denied. "r" access is the normal permission needed to list or otherwise reveal the contents of a directory, so if a connected user has "r" access then they will be able to list the directory contents normally, and the information received by a ChangeNofity request is already available to the user. The security issue occurs if the Administrator or directory owner had set more restrictive Windows ACL permissions on the directory to disallow read access to the user, and this permissions change was not reflected in the underlying file system permissions. This will only occur if Samba is configured with VFS modules to decouple the underlying file system permissions from the Windows ACLs, by setting up a share with the settings: [vulnerable_share] vfs_objects = vfs_acl_xattr acl_xattr:ignore system acls = yes
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 6 | samba | Out of support scope | ||
| Red Hat Enterprise Linux 7 | samba | Fixed | RHSA-2020:5439 | 15.12.2020 |
| Red Hat Enterprise Linux 8 | openchange | Fixed | RHSA-2021:1647 | 18.05.2021 |
| Red Hat Enterprise Linux 8 | samba | Fixed | RHSA-2021:1647 | 18.05.2021 |
| Red Hat Enterprise Linux 8 | openchange | Fixed | RHSA-2021:1647 | 18.05.2021 |
| Red Hat Enterprise Linux 8 | samba | Fixed | RHSA-2021:1647 | 18.05.2021 |
| Red Hat Gluster Storage 3.5 for RHEL 7 | samba | Fixed | RHSA-2021:3723 | 05.10.2021 |
| Red Hat Gluster Storage 3.5 for RHEL 8 | samba | Fixed | RHBA-2021:1503 | 05.05.2021 |
Показывать по
Дополнительная информация
Статус:
EPSS
4.3 Medium
CVSS3
Связанные уязвимости
A flaw was found in the way samba handled file and directory permissions. An authenticated user could use this flaw to gain access to certain file and directory information which otherwise would be unavailable to the attacker.
A flaw was found in the way samba handled file and directory permissions. An authenticated user could use this flaw to gain access to certain file and directory information which otherwise would be unavailable to the attacker.
A flaw was found in the way samba handled file and directory permissio ...
A flaw was found in the way samba handled file and directory permissions. An authenticated user could use this flaw to gain access to certain file and directory information which otherwise would be unavailable to the attacker.
EPSS
4.3 Medium
CVSS3