CVE-2023-4091

Summary

CVE	CVE-2023-4091
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2023-11-03 08:15:00 UTC
Updated	2023-11-13 17:52:00 UTC
Description	A vulnerability was discovered in Samba, where the flaw allows SMB clients to truncate files, even with read-only permissions when the Samba VFS module "acl_xattr" is configured with "acl_xattr:ignore system acls = yes". The SMB protocol allows opening files when the client requests read-only access but then implicitly truncates the opened file to 0 bytes if the client specifies a separate OVERWRITE create disposition request. The issue arises in configurations that bypass kernel file system permissions checks, relying solely on Samba's permissions.

Risk And Classification

Problem Types: CWE-276

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Operating System	Fedoraproject	Fedora	39	All	All	All
Operating System	Redhat	Enterprise Linux	8.0	All	All	All
Operating System	Redhat	Enterprise Linux Eus	9.0	All	All	All
Application	Redhat	Storage	3.0	All	All	All
Application	Samba	Samba	All	All	All	All

References

Reference	Source	Link	Tags
2241882 – (CVE-2023-4091) CVE-2023-4091 samba: SMB clients can truncate files with read-only permissions	MISC	bugzilla.redhat.com
15439 – (CVE-2023-4091) [SECURITY] CVE-2023-4091: Client can truncate file with read-only permissions	MISC	bugzilla.samba.org
[SECURITY] Fedora 39 Update: samba-4.19.2-1.fc39 - package-announce - Fedora Mailing-Lists	MISC	lists.fedoraproject.org
Red Hat	MISC	access.redhat.com
cve-details	MISC	access.redhat.com
Red Hat		access.redhat.com
Samba - Security Announcement Archive	MISC	www.samba.org
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

Legacy QID Mappings

161070 Oracle Enterprise Linux Security Update for samba (ELSA-2023-6744)
161196 Oracle Enterprise Linux Security Update for samba (ELSA-2023-7467)
199820 Ubuntu Security Notification for Samba Vulnerabilities (USN-6425-1)
199907 Ubuntu Security Notification for Samba Vulnerabilities (USN-6425-3)
242260 Red Hat Update for samba (RHSA-2023:6209)
242318 Red Hat Update for samba (RHSA-2023:6744)
242484 Red Hat Update for samba (RHSA-2023:7408)
242507 Red Hat Update for samba (RHSA-2023:7467)
242508 Red Hat Update for samba (RHSA-2023:7464)
284612 Fedora Security Update for samba (FEDORA-2023-7eb8cbf1a5)
284682 Fedora Security Update for samba (FEDORA-2023-fff0c857d6)
285191 Fedora Security Update for samba (FEDORA-2023-8c9251e479)
356630 Amazon Linux Security Advisory for samba : ALAS2023-2023-416
356750 Amazon Linux Security Advisory for samba : ALAS2-2023-2367
356781 Amazon Linux Security Advisory for samba : ALAS-2023-1896
503395 Alpine Linux Security Update for samba
505937 Alpine Linux Security Update for samba
6000310 Debian Security Update for samba (DSA 5525-1)
6000543 Debian Security Update for samba (DSA 5647-1)
673360 EulerOS Security Update for samba (EulerOS-SA-2024-1097)
673397 EulerOS Security Update for samba (EulerOS-SA-2023-3349)
673574 EulerOS Security Update for samba (EulerOS-SA-2023-3286)
673584 EulerOS Security Update for samba (EulerOS-SA-2024-1163)
673680 EulerOS Security Update for samba (EulerOS-SA-2023-3258)
673775 EulerOS Security Update for samba (EulerOS-SA-2024-1073)
673833 EulerOS Security Update for samba (EulerOS-SA-2023-3317)
673964 EulerOS Security Update for samba (EulerOS-SA-2024-1297)
710873 Gentoo Linux Samba Multiple Vulnerabilities (GLSA 202402-28)
755062 SUSE Enterprise Linux Security Update for samba (SUSE-SU-2023:4040-1)
755069 SUSE Enterprise Linux Security Update for samba (SUSE-SU-2023:4046-1)
755081 SUSE Enterprise Linux Security Update for samba (SUSE-SU-2023:4059-1)
755106 SUSE Enterprise Linux Security Update for samba (SUSE-SU-2023:4096-1)
941395 AlmaLinux Security Update for samba (ALSA-2023:6744)
941422 AlmaLinux Security Update for samba (ALSA-2023:7467)