Описание
A vulnerability was discovered in Samba, where the flaw allows SMB clients to truncate files, even with read-only permissions when the Samba VFS module "acl_xattr" is configured with "acl_xattr:ignore system acls = yes". The SMB protocol allows opening files when the client requests read-only access but then implicitly truncates the opened file to 0 bytes if the client specifies a separate OVERWRITE create disposition request. The issue arises in configurations that bypass kernel file system permissions checks, relying solely on Samba's permissions.
Отчет
The vulnerability primarily affects Samba configurations using the "acl_xattr" module with the "acl_xattr:ignore system acls = yes" setting.
Меры по смягчению последствий
The vulnerability is most commonly associated with the "acl_xattr" module and can be mitigated by setting:
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 6 | samba | Out of support scope | ||
| Red Hat Enterprise Linux 6 | samba4 | Out of support scope | ||
| Red Hat Enterprise Linux 7 | samba | Out of support scope | ||
| Red Hat Storage 3 | samba | Affected | ||
| Red Hat Enterprise Linux 8 | samba | Fixed | RHSA-2023:7467 | 22.11.2023 |
| Red Hat Enterprise Linux 8 | samba | Fixed | RHSA-2023:7467 | 22.11.2023 |
| Red Hat Enterprise Linux 8.6 Extended Update Support | samba | Fixed | RHSA-2023:7408 | 21.11.2023 |
| Red Hat Enterprise Linux 8.8 Extended Update Support | samba | Fixed | RHSA-2023:7464 | 22.11.2023 |
| Red Hat Enterprise Linux 9 | samba | Fixed | RHSA-2023:6744 | 07.11.2023 |
| Red Hat Enterprise Linux 9 | samba | Fixed | RHSA-2023:6744 | 07.11.2023 |
Показывать по
Дополнительная информация
Статус:
EPSS
6.5 Medium
CVSS3
Связанные уязвимости
A vulnerability was discovered in Samba, where the flaw allows SMB clients to truncate files, even with read-only permissions when the Samba VFS module "acl_xattr" is configured with "acl_xattr:ignore system acls = yes". The SMB protocol allows opening files when the client requests read-only access but then implicitly truncates the opened file to 0 bytes if the client specifies a separate OVERWRITE create disposition request. The issue arises in configurations that bypass kernel file system permissions checks, relying solely on Samba's permissions.
A vulnerability was discovered in Samba, where the flaw allows SMB clients to truncate files, even with read-only permissions when the Samba VFS module "acl_xattr" is configured with "acl_xattr:ignore system acls = yes". The SMB protocol allows opening files when the client requests read-only access but then implicitly truncates the opened file to 0 bytes if the client specifies a separate OVERWRITE create disposition request. The issue arises in configurations that bypass kernel file system permissions checks, relying solely on Samba's permissions.
A vulnerability was discovered in Samba, where the flaw allows SMB cli ...
A vulnerability was discovered in Samba, where the flaw allows SMB clients to truncate files, even with read-only permissions when the Samba VFS module "acl_xattr" is configured with "acl_xattr:ignore system acls = yes". The SMB protocol allows opening files when the client requests read-only access but then implicitly truncates the opened file to 0 bytes if the client specifies a separate OVERWRITE create disposition request. The issue arises in configurations that bypass kernel file system permissions checks, relying solely on Samba's permissions.
EPSS
6.5 Medium
CVSS3