SB2023112311 - Red Hat Enterprise Linux 8 update for samba
Published: November 23, 2023
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 3 secuirty vulnerabilities.
1) Improper Authorization (CVE-ID: CVE-2023-3961)
The vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to improper input validation when handling client pipe names. A remote attacker can provide a specially crafted pipe name containing directory traversal characters and force Samba to connect to Unix domain sockets outside of the private directory meant to restrict the services a client could connect to.The connection to Unix domain sockets is performed as root, which means that if client sends a pipe name that resolved to an external service using an existing Unix
domain socket, the client is able to connect to it without
any filesystem restrictions.
2) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2023-4091)
The vulnerability allows a remote user to truncate read-only files.
The vulnerability exists due to an error in the way SMB protocol implementation in Samba handles file operations. A remote user can request read-only access to files and then truncate them to 0 bytes by opening files with OVERWRITE disposition when using the acl_xattr Samba VFS module with the smb.conf setting "acl_xattr:ignore system acls = yes".
3) Resource management error (CVE-ID: CVE-2023-42669)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to inclusion of the "rpcecho" server into production build, which can call sleep() on AD DC. A remote user can request the server block using the "rpcecho" server and perform a denial of service (DoS) attack.
Remediation
Install update from vendor's website.