openEuler 20.03 LTS SP3 update for samba

1) Permissions, Privileges, and Access Controls

EUVDB-ID: #VU81872

Risk: Low

CVSSv4.0: 1.3 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-4091

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a remote user to truncate read-only files.

The vulnerability exists due to an error in the way SMB protocol implementation in Samba handles file operations. A remote user can request read-only access to files and then truncate them to 0 bytes by opening files with OVERWRITE disposition when using the acl_xattr Samba VFS module with the smb.conf setting "acl_xattr:ignore system acls = yes".

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP3

samba-vfs-glusterfs: before 4.11.12-32

samba-pidl: before 4.11.12-32

samba-dc-provision: before 4.11.12-32

samba-common: before 4.11.12-32

samba-libs: before 4.11.12-32

samba-common-tools: before 4.11.12-32

python3-samba: before 4.11.12-32

python3-samba-test: before 4.11.12-32

python3-samba-dc: before 4.11.12-32

libsmbclient-devel: before 4.11.12-32

samba-client: before 4.11.12-32

samba-debugsource: before 4.11.12-32

samba-dc-bind-dlz: before 4.11.12-32

samba-help: before 4.11.12-32

samba-winbind-modules: before 4.11.12-32

ctdb: before 4.11.12-32

libwbclient: before 4.11.12-32

libwbclient-devel: before 4.11.12-32

samba-winbind-krb5-locator: before 4.11.12-32

samba-krb5-printing: before 4.11.12-32

samba-devel: before 4.11.12-32

libsmbclient: before 4.11.12-32

samba-winbind-clients: before 4.11.12-32

samba-dc: before 4.11.12-32

samba-test: before 4.11.12-32

samba-debuginfo: before 4.11.12-32

ctdb-tests: before 4.11.12-32

samba-winbind: before 4.11.12-32

samba: before 4.11.12-32

CPE2.3

• cpe:2.3:o:openeuler:openeuler:20.03:LTS SP3:*:*:*:*:*:*
• cpe:2.3:a:openeuler:samba-vfs-glusterfs:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:samba-pidl:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:samba-dc-provision:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:samba-common:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:samba-libs:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:samba-common-tools:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:python3-samba:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:python3-samba-test:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:python3-samba-dc:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:libsmbclient-devel:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:samba-client:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:samba-debugsource:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:samba-dc-bind-dlz:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:samba-help:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:samba-winbind-modules:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:ctdb:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:libwbclient:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:libwbclient-devel:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:samba-winbind-krb5-locator:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:samba-krb5-printing:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:samba-devel:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:libsmbclient:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:samba-winbind-clients:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:samba-dc:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:samba-test:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:samba-debuginfo:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:ctdb-tests:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:samba-winbind:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:samba:*:*:*:*:*:openeuler:*:*

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2023-1754

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Resource management error

EUVDB-ID: #VU81871

Risk: Medium

CVSSv4.0: 4.9 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2023-42669

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to inclusion of the "rpcecho" server into production build, which can call sleep() on AD DC. A remote user can request the server block using the "rpcecho" server and perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP3

samba-vfs-glusterfs: before 4.11.12-32

samba-pidl: before 4.11.12-32

samba-dc-provision: before 4.11.12-32

samba-common: before 4.11.12-32

samba-libs: before 4.11.12-32

samba-common-tools: before 4.11.12-32

python3-samba: before 4.11.12-32

python3-samba-test: before 4.11.12-32

python3-samba-dc: before 4.11.12-32

libsmbclient-devel: before 4.11.12-32

samba-client: before 4.11.12-32

samba-debugsource: before 4.11.12-32

samba-dc-bind-dlz: before 4.11.12-32

samba-help: before 4.11.12-32

samba-winbind-modules: before 4.11.12-32

ctdb: before 4.11.12-32

libwbclient: before 4.11.12-32

libwbclient-devel: before 4.11.12-32

samba-winbind-krb5-locator: before 4.11.12-32

samba-krb5-printing: before 4.11.12-32

samba-devel: before 4.11.12-32

libsmbclient: before 4.11.12-32

samba-winbind-clients: before 4.11.12-32

samba-dc: before 4.11.12-32

samba-test: before 4.11.12-32

samba-debuginfo: before 4.11.12-32

ctdb-tests: before 4.11.12-32

samba-winbind: before 4.11.12-32

samba: before 4.11.12-32

CPE2.3

• cpe:2.3:o:openeuler:openeuler:20.03:LTS SP3:*:*:*:*:*:*
• cpe:2.3:a:openeuler:samba-vfs-glusterfs:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:samba-pidl:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:samba-dc-provision:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:samba-common:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:samba-libs:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:samba-common-tools:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:python3-samba:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:python3-samba-test:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:python3-samba-dc:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:libsmbclient-devel:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:samba-client:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:samba-debugsource:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:samba-dc-bind-dlz:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:samba-help:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:samba-winbind-modules:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:ctdb:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:libwbclient:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:libwbclient-devel:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:samba-winbind-krb5-locator:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:samba-krb5-printing:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:samba-devel:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:libsmbclient:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:samba-winbind-clients:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:samba-dc:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:samba-test:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:samba-debuginfo:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:ctdb-tests:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:samba-winbind:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:samba:*:*:*:*:*:openeuler:*:*

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2023-1754

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.