diff options
| author | Archana Polampalli <archana.polampalli@windriver.com> | 2023-11-23 06:13:07 +0000 |
|---|---|---|
| committer | Armin Kuster <akuster808@gmail.com> | 2023-12-13 13:35:51 -0500 |
| commit | ad3dc46c878ae8bd90e720c672d159fe5763dbe3 (patch) | |
| tree | 5beeee0002ea6f89070dc519c71b2b855f9805f2 /meta-python/recipes-devtools/python/python3-async-timeout_4.0.2.bb | |
| parent | 01c0aaaf620f9eeb073f39ce5149f08bb6a32cb0 (diff) | |
| download | meta-openembedded-ad3dc46c878ae8bd90e720c672d159fe5763dbe3.tar.gz | |
samba: fix CVE-2023-4091
A vulnerability was discovered in Samba, where the flaw allows SMB clients to
truncate files, even with read-only permissions when the Samba VFS module
"acl_xattr" is configured with "acl_xattr:ignore system acls = yes". The SMB
protocol allows opening files when the client requests read-only access but
then implicitly truncates the opened file to 0 bytes if the client specifies
a separate OVERWRITE create disposition request. The issue arises in configurations
that bypass kernel file system permissions checks, relying solely on Samba's permissions.
References:
https://nvd.nist.gov/vuln/detail/CVE-2023-4091
Fix is patched to the function call smbd_check_access_rights_fsp() of open_file(),
But in samba_4.14.14 smbd_check_access_rights() is used, from samba_4.15.0 onwards
smbd_check_access_rights() was replaced with smbd_check_access_rights_fsp() and
samba_4.14.14 is still vulnerable through smbd_check_access_rights().
Ref:
https://github.com/samba-team/samba/commit/3f61369d153419158c0f223e6f81c0bb07275833
https://github.com/samba-team/samba/commit/26dc10bdb2cff3eece4a2874931b4058f9f87d68
Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Diffstat (limited to 'meta-python/recipes-devtools/python/python3-async-timeout_4.0.2.bb')
0 files changed, 0 insertions, 0 deletions