Vulnerability CVE-2023-4091: Information

Description

A vulnerability was discovered in Samba, where the flaw allows SMB clients to truncate files, even with read-only permissions when the Samba VFS module "acl_xattr" is configured with "acl_xattr:ignore system acls = yes". The SMB protocol allows opening files when the client requests read-only access but then implicitly truncates the opened file to 0 bytes if the client specifies a separate OVERWRITE create disposition request. The issue arises in configurations that bypass kernel file system permissions checks, relying solely on Samba's permissions.

Severity: MEDIUM (6.5) Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

URL: https://nvd.nist.gov/vuln/detail/CVE-2023-4091
Published: Nov. 3, 2023
Modified: April 22, 2024
Error type identifier: CWE-276

Fixed packages

Package name
Branch
Fixed in version
Version from repository
Errata ID
Task #
State
sambasisyphus4.17.12-alt14.20.1-alt2ALT-PU-2023-6448-1332020Fixed
sambasisyphus_e2k4.17.12-alt14.20.1-alt1ALT-PU-2023-6495-1-Fixed
sambasisyphus_riscv644.17.12-alt14.20.1-alt2ALT-PU-2023-6523-1-Fixed
sambap104.17.12-alt34.19.6-alt2ALT-PU-2023-7794-2332201Fixed
sambap10_e2k4.17.12-alt34.19.6-alt2ALT-PU-2023-7914-1-Fixed
sambac9f24.16.11-alt0.c9.24.14.14-alt0.c9.1ALT-PU-2024-8331-1336563In work
sambap114.17.12-alt14.20.1-alt1ALT-PU-2023-6448-1332020Fixed

References to Advisories, Solutions, and Tools

Hyperlink
Resource
https://www.samba.org/samba/security/CVE-2023-4091.html
  • Vendor Advisory
https://bugzilla.samba.org/show_bug.cgi?id=15439
  • Issue Tracking
https://access.redhat.com/errata/RHSA-2023:6209
  • Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2241882
  • Issue Tracking
https://access.redhat.com/security/cve/CVE-2023-4091
  • Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZUMVALLFFDFC53JZMUWA6HPD7HUGAP5I/
  • Mailing List
RHSA-2023:6744
  • Third Party Advisory
RHSA-2023:7371
    RHSA-2023:7408
      RHSA-2023:7464
        RHSA-2023:7467
          https://security.netapp.com/advisory/ntap-20231124-0002/
            https://lists.debian.org/debian-lts-announce/2024/04/msg00015.html

                1. Configuration 1

                  cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*
                  Start including
                  4.19.0
                  End excliding
                  4.19.1
                  cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*
                  Start including
                  4.18.0
                  End excliding
                  4.18.8
                  cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*
                  End excliding
                  4.17.12

                  Configuration 2

                  cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*

                  Configuration 3

                  cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
                  cpe:2.3:a:redhat:storage:3.0:*:*:*:*:*:*:*
                  cpe:2.3:o:redhat:enterprise_linux_eus:9.0:*:*:*:*:*:*:*
              VKontakte|Telegram|YouTube|Forum|GitHub|Bugzilla
              Version: v24.5.3
              Back to top