CVE - CVE-2023-4091

CVE-ID
CVE-2023-4091	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
A vulnerability was discovered in Samba, where the flaw allows SMB clients to truncate files, even with read-only permissions when the Samba VFS module "acl_xattr" is configured with "acl_xattr:ignore system acls = yes". The SMB protocol allows opening files when the client requests read-only access but then implicitly truncates the opened file to 0 bytes if the client specifies a separate OVERWRITE create disposition request. The issue arises in configurations that bypass kernel file system permissions checks, relying solely on Samba's permissions.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
MISC:RHBZ#2241882 URL:https://bugzilla.redhat.com/show_bug.cgi?id=2241882 MISC:RHSA-2023:6209 URL:https://access.redhat.com/errata/RHSA-2023:6209 MISC:RHSA-2023:6744 URL:https://access.redhat.com/errata/RHSA-2023:6744 MISC:RHSA-2023:7371 URL:https://access.redhat.com/errata/RHSA-2023:7371 MISC:RHSA-2023:7408 URL:https://access.redhat.com/errata/RHSA-2023:7408 MISC:RHSA-2023:7464 URL:https://access.redhat.com/errata/RHSA-2023:7464 MISC:RHSA-2023:7467 URL:https://access.redhat.com/errata/RHSA-2023:7467 MISC:https://access.redhat.com/security/cve/CVE-2023-4091 URL:https://access.redhat.com/security/cve/CVE-2023-4091 MISC:https://bugzilla.samba.org/show_bug.cgi?id=15439 URL:https://bugzilla.samba.org/show_bug.cgi?id=15439 MISC:https://lists.debian.org/debian-lts-announce/2024/04/msg00015.html URL:https://lists.debian.org/debian-lts-announce/2024/04/msg00015.html MISC:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZUMVALLFFDFC53JZMUWA6HPD7HUGAP5I/ URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZUMVALLFFDFC53JZMUWA6HPD7HUGAP5I/ MISC:https://security.netapp.com/advisory/ntap-20231124-0002/ URL:https://security.netapp.com/advisory/ntap-20231124-0002/ MISC:https://www.samba.org/samba/security/CVE-2023-4091.html URL:https://www.samba.org/samba/security/CVE-2023-4091.html
Assigning CNA
Red Hat, Inc.
Date Record Created
20230802	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20230802)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)