CVE-2023-4091

MEDIUM

Samba < 4.17.12 - Unauthorized File Truncation via SMB Overwrite Create Disposition

Title source: llm
STIX 2.1

Description

A vulnerability was discovered in Samba, where the flaw allows SMB clients to truncate files, even with read-only permissions when the Samba VFS module "acl_xattr" is configured with "acl_xattr:ignore system acls = yes". The SMB protocol allows opening files when the client requests read-only access but then implicitly truncates the opened file to 0 bytes if the client specifies a separate OVERWRITE create disposition request. The issue arises in configurations that bypass kernel file system permissions checks, relying solely on Samba's permissions.

References (13)

Core 13
Core References
Third Party Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2023:6209
Third Party Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2023:6744
Vendor Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2023:7371
Vendor Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2023:7408
Vendor Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2023:7464
Vendor Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2023:7467
Third Party Advisory vdb-entry x_refsource_redhat
https://access.redhat.com/security/cve/CVE-2023-4091
Issue Tracking issue-tracking x_refsource_redhat
https://bugzilla.redhat.com/show_bug.cgi?id=2241882

Scores

CVSS v3 6.5
EPSS 0.0044
EPSS Percentile 63.3%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

CWE
CWE-276
Status published
Products (5)
fedoraproject/fedora 39
redhat/enterprise_linux 8.0
redhat/enterprise_linux_eus 9.0
redhat/storage 3.0
samba/samba < 4.17.12
Published Nov 03, 2023
Tracked Since Feb 18, 2026