SUSE update for samba
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 1 |
| CVE-ID | CVE-2023-4091 |
| CWE-ID | CWE-264 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software |
SUSE Linux Enterprise High Availability Extension 12 Operating systems & Components / Operating system SUSE Linux Enterprise Software Development Kit 12 Operating systems & Components / Operating system SUSE Linux Enterprise Server for SAP Applications 12 Operating systems & Components / Operating system SUSE Linux Enterprise Server 12 Operating systems & Components / Operating system SUSE Linux Enterprise High Performance Computing 12 Operating systems & Components / Operating system ctdb-debuginfo Operating systems & Components / Operating system package or component ctdb Operating systems & Components / Operating system package or component libsamba-policy0-python3-debuginfo-32bit Operating systems & Components / Operating system package or component samba-libs-32bit Operating systems & Components / Operating system package or component samba-winbind-libs-debuginfo-32bit Operating systems & Components / Operating system package or component samba-winbind-libs-32bit Operating systems & Components / Operating system package or component samba-libs-python3-debuginfo-32bit Operating systems & Components / Operating system package or component samba-libs-python3-32bit Operating systems & Components / Operating system package or component samba-libs-debuginfo-32bit Operating systems & Components / Operating system package or component samba-client-libs-32bit Operating systems & Components / Operating system package or component samba-client-debuginfo-32bit Operating systems & Components / Operating system package or component libsamba-policy0-python3-32bit Operating systems & Components / Operating system package or component samba-client-32bit Operating systems & Components / Operating system package or component samba-client-libs-debuginfo-32bit Operating systems & Components / Operating system package or component samba-doc Operating systems & Components / Operating system package or component samba-winbind-libs Operating systems & Components / Operating system package or component samba-winbind Operating systems & Components / Operating system package or component samba-winbind-libs-debuginfo Operating systems & Components / Operating system package or component libsamba-policy0-python3-debuginfo Operating systems & Components / Operating system package or component libsamba-policy0-python3 Operating systems & Components / Operating system package or component samba-client-libs Operating systems & Components / Operating system package or component samba-winbind-debuginfo Operating systems & Components / Operating system package or component samba Operating systems & Components / Operating system package or component samba-libs-python3 Operating systems & Components / Operating system package or component samba-libs-debuginfo Operating systems & Components / Operating system package or component samba-python3 Operating systems & Components / Operating system package or component samba-ldb-ldap Operating systems & Components / Operating system package or component samba-libs-python3-debuginfo Operating systems & Components / Operating system package or component samba-client Operating systems & Components / Operating system package or component samba-ldb-ldap-debuginfo Operating systems & Components / Operating system package or component samba-client-debuginfo Operating systems & Components / Operating system package or component samba-tool Operating systems & Components / Operating system package or component samba-libs Operating systems & Components / Operating system package or component samba-client-libs-debuginfo Operating systems & Components / Operating system package or component samba-python3-debuginfo Operating systems & Components / Operating system package or component samba-devel-32bit Operating systems & Components / Operating system package or component libsamba-policy-python3-devel Operating systems & Components / Operating system package or component samba-debugsource Operating systems & Components / Operating system package or component samba-devel Operating systems & Components / Operating system package or component samba-debuginfo Operating systems & Components / Operating system package or component libsamba-policy-devel Operating systems & Components / Operating system package or component |
| Vendor | SUSE |
Security Bulletin
This security bulletin contains one low risk vulnerability.
1) Permissions, Privileges, and Access Controls
EUVDB-ID: #VU81872
Risk: Low
CVSSv4.0: 1.3 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-4091
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a remote user to truncate read-only files.
The vulnerability exists due to an error in the way SMB protocol implementation in Samba handles file operations. A remote user can request read-only access to files and then truncate them to 0 bytes by opening files with OVERWRITE disposition when using the acl_xattr Samba VFS module with the smb.conf setting "acl_xattr:ignore system acls = yes".
Update the affected package samba to the latest version.
Vulnerable software versionsSUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
ctdb-debuginfo: before 4.15.13+git.625.ac658f2f12-3.88.1
ctdb: before 4.15.13+git.625.ac658f2f12-3.88.1
libsamba-policy0-python3-debuginfo-32bit: before 4.15.13+git.625.ac658f2f12-3.88.1
samba-libs-32bit: before 4.15.13+git.625.ac658f2f12-3.88.1
samba-winbind-libs-debuginfo-32bit: before 4.15.13+git.625.ac658f2f12-3.88.1
samba-winbind-libs-32bit: before 4.15.13+git.625.ac658f2f12-3.88.1
samba-libs-python3-debuginfo-32bit: before 4.15.13+git.625.ac658f2f12-3.88.1
samba-libs-python3-32bit: before 4.15.13+git.625.ac658f2f12-3.88.1
samba-libs-debuginfo-32bit: before 4.15.13+git.625.ac658f2f12-3.88.1
samba-client-libs-32bit: before 4.15.13+git.625.ac658f2f12-3.88.1
samba-client-debuginfo-32bit: before 4.15.13+git.625.ac658f2f12-3.88.1
libsamba-policy0-python3-32bit: before 4.15.13+git.625.ac658f2f12-3.88.1
samba-client-32bit: before 4.15.13+git.625.ac658f2f12-3.88.1
samba-client-libs-debuginfo-32bit: before 4.15.13+git.625.ac658f2f12-3.88.1
samba-doc: before 4.15.13+git.625.ac658f2f12-3.88.1
samba-winbind-libs: before 4.15.13+git.625.ac658f2f12-3.88.1
samba-winbind: before 4.15.13+git.625.ac658f2f12-3.88.1
samba-winbind-libs-debuginfo: before 4.15.13+git.625.ac658f2f12-3.88.1
libsamba-policy0-python3-debuginfo: before 4.15.13+git.625.ac658f2f12-3.88.1
libsamba-policy0-python3: before 4.15.13+git.625.ac658f2f12-3.88.1
samba-client-libs: before 4.15.13+git.625.ac658f2f12-3.88.1
samba-winbind-debuginfo: before 4.15.13+git.625.ac658f2f12-3.88.1
samba: before 4.15.13+git.625.ac658f2f12-3.88.1
samba-libs-python3: before 4.15.13+git.625.ac658f2f12-3.88.1
samba-libs-debuginfo: before 4.15.13+git.625.ac658f2f12-3.88.1
samba-python3: before 4.15.13+git.625.ac658f2f12-3.88.1
samba-ldb-ldap: before 4.15.13+git.625.ac658f2f12-3.88.1
samba-libs-python3-debuginfo: before 4.15.13+git.625.ac658f2f12-3.88.1
samba-client: before 4.15.13+git.625.ac658f2f12-3.88.1
samba-ldb-ldap-debuginfo: before 4.15.13+git.625.ac658f2f12-3.88.1
samba-client-debuginfo: before 4.15.13+git.625.ac658f2f12-3.88.1
samba-tool: before 4.15.13+git.625.ac658f2f12-3.88.1
samba-libs: before 4.15.13+git.625.ac658f2f12-3.88.1
samba-client-libs-debuginfo: before 4.15.13+git.625.ac658f2f12-3.88.1
samba-python3-debuginfo: before 4.15.13+git.625.ac658f2f12-3.88.1
samba-devel-32bit: before 4.15.13+git.625.ac658f2f12-3.88.1
libsamba-policy-python3-devel: before 4.15.13+git.625.ac658f2f12-3.88.1
samba-debugsource: before 4.15.13+git.625.ac658f2f12-3.88.1
samba-devel: before 4.15.13+git.625.ac658f2f12-3.88.1
samba-debuginfo: before 4.15.13+git.625.ac658f2f12-3.88.1
libsamba-policy-devel: before 4.15.13+git.625.ac658f2f12-3.88.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_high_availability_extension_12:SP5:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_software_development_kit_12:SP5:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_12:SP5:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_12:SP5:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_12:SP5:*:*:*:*:*:*:*
- cpe:2.3:a:suse:ctdb-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:ctdb:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:libsamba-policy0-python3-debuginfo-32bit:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:samba-libs-32bit:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:samba-winbind-libs-debuginfo-32bit:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:samba-winbind-libs-32bit:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:samba-libs-python3-debuginfo-32bit:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:samba-libs-python3-32bit:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:samba-libs-debuginfo-32bit:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:samba-client-libs-32bit:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:samba-client-debuginfo-32bit:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:libsamba-policy0-python3-32bit:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:samba-client-32bit:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:samba-client-libs-debuginfo-32bit:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:samba-doc:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:samba-winbind-libs:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:samba-winbind:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:samba-winbind-libs-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:libsamba-policy0-python3-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:libsamba-policy0-python3:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:samba-client-libs:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:samba-winbind-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:samba:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:samba-libs-python3:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:samba-libs-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:samba-python3:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:samba-ldb-ldap:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:samba-libs-python3-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:samba-client:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:samba-ldb-ldap-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:samba-client-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:samba-tool:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:samba-libs:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:samba-client-libs-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:samba-python3-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:samba-devel-32bit:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:libsamba-policy-python3-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:samba-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:samba-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:samba-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:libsamba-policy-devel:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2023/suse-su-20234040-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
