SB202502194536 - Amazon Linux AMI update for samba

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB202502194536

SB202502194536 - Amazon Linux AMI update for samba

Published: February 19, 2025

Security Bulletin ID SB202502194536
Severity
High
Patch available
YES
Number of vulnerabilities 2
Exploitation vector Remote access
Highest impact Data manipulation

Breakdown by Severity

High 50% Low 50%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 2 secuirty vulnerabilities.


1) Improper Authorization (CVE-ID: CVE-2023-3961)

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to improper input validation when handling client pipe names. A remote attacker can provide a specially crafted pipe name containing directory traversal characters and force Samba to connect to Unix domain sockets outside of the private directory meant to restrict the services a client could connect to.The connection to Unix domain sockets is performed as root, which means that if client sends a pipe name that resolved to an external service using an existing Unix domain socket, the client is able to connect to it without any filesystem restrictions.


2) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2023-4091)

The vulnerability allows a remote user to truncate read-only files.

The vulnerability exists due to an error in the way SMB protocol implementation in Samba handles file operations. A remote user can request read-only access to files and then truncate them to 0 bytes by opening files with OVERWRITE disposition when using the acl_xattr Samba VFS module with the smb.conf setting "acl_xattr:ignore system acls = yes".


Remediation

Install update from vendor's website.

References