Detections
Analytics
Samba < 4.17.12 / 4.18.x < 4.18.8 / 4.19.x < 4.19.1 Incorrect Permissions Handling
medium Nessus Plugin ID 183023
Language:
Synopsis
The remote Samba server is potentially affected by a vulnerability.Description
The version of Samba running on the remote host is potentially affected by a vulnerability. The SMB protocol allows opening files where the client requests read-only access, but then implicitly truncating the opened file if the client specifies a separate OVERWRITE create disposition. This operation requires write access to the file, and in the default Samba configuration the operating system kernel will deny access to open a read-only file for read/write (which the truncate operation requires). However, when Samba has been configured to ignore kernel file system permissions, Samba will truncate a file when the underlying operating system kernel would deny the operation.Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
Solution
Upgrade to Samba version 4.17.12, 4.18.8, or 4.19.1.See Also
Plugin Details
Severity: Medium
ID: 183023
File Name: samba_4_19_1_CVE-2023-4091.nasl
Version: 1.3
Type: remote
Family: Misc.
Published: 10/13/2023
Updated: 11/14/2023
Supported Sensors: Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 4.4
CVSS v2
Risk Factor: Medium
Base Score: 6.8
Temporal Score: 5
Vector: CVSS2#AV:N/AC:L/Au:S/C:N/I:C/A:N
CVSS Score Source: CVE-2023-4091
CVSS v3
Risk Factor: Medium
Base Score: 6.5
Temporal Score: 5.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C
Vulnerability Information
CPE: cpe:/a:samba:samba
Required KB Items: SMB/NativeLanManager, SMB/samba
Exploit Ease: No known exploits are available
Patch Publication Date: 10/10/2023
Vulnerability Publication Date: 10/10/2023
Reference Information
CVE: CVE-2023-4091
IAVA: 2023-A-0535