{"schema_version":"1.7.2","id":"OESA-2023-1753","modified":"2023-10-20T11:06:09Z","published":"2023-10-20T11:06:09Z","upstream":["CVE-2023-4091","CVE-2023-42669"],"summary":"samba security update","details":"Samba is a suite of programs for Linux and Unix to interoperate with Windows.\r\n\r\nSecurity Fix(es):\r\n\r\nA vulnerability was discovered in Samba, where the flaw allows SMB clients to truncate files, even with read-only permissions when the Samba VFS module \u0026quot;acl_xattr\u0026quot; is configured with \u0026quot;acl_xattr:ignore system acls = yes\u0026quot;. The SMB protocol allows opening files when the client requests read-only access but then implicitly truncates the opened file to 0 bytes if the client specifies a separate OVERWRITE create disposition request. The issue arises in configurations that bypass kernel file system permissions checks, relying solely on Samba\u0026apos;s permissions.(CVE-2023-4091)\r\n\r\nA vulnerability was found in Samba\u0026apos;s \u0026quot;rpcecho\u0026quot; development server, a non-Windows RPC server used to test Samba\u0026apos;s DCE/RPC stack elements. This vulnerability stems from an RPC function that can be blocked indefinitely. The issue arises because the \u0026quot;rpcecho\u0026quot; service operates with only one worker in the main RPC task, allowing calls to the \u0026quot;rpcecho\u0026quot; server to be blocked for a specified time, causing service disruptions. This disruption is triggered by a \u0026quot;sleep()\u0026quot; call in the \u0026quot;dcesrv_echo_TestSleep()\u0026quot; function under specific conditions. Authenticated users or attackers can exploit this vulnerability to make calls to the \u0026quot;rpcecho\u0026quot; server, requesting it to block for a specified duration, effectively disrupting most services and leading to a complete denial of service on the AD DC. The DoS affects all other services as \u0026quot;rpcecho\u0026quot; runs in the main RPC task.(CVE-2023-42669)","affected":[{"package":{"ecosystem":"openEuler:20.03-LTS-SP1","name":"samba","purl":"pkg:rpm/openEuler/samba\u0026distro=openEuler-20.03-LTS-SP1"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.11.12-32.oe1"}]}],"ecosystem_specific":{"aarch64":["samba-winbind-4.11.12-32.oe1.aarch64.rpm","ctdb-tests-4.11.12-32.oe1.aarch64.rpm","samba-debuginfo-4.11.12-32.oe1.aarch64.rpm","samba-test-4.11.12-32.oe1.aarch64.rpm","samba-dc-4.11.12-32.oe1.aarch64.rpm","samba-4.11.12-32.oe1.aarch64.rpm","samba-winbind-clients-4.11.12-32.oe1.aarch64.rpm","libsmbclient-4.11.12-32.oe1.aarch64.rpm","samba-devel-4.11.12-32.oe1.aarch64.rpm","samba-krb5-printing-4.11.12-32.oe1.aarch64.rpm","samba-winbind-krb5-locator-4.11.12-32.oe1.aarch64.rpm","libwbclient-devel-4.11.12-32.oe1.aarch64.rpm","libwbclient-4.11.12-32.oe1.aarch64.rpm","ctdb-4.11.12-32.oe1.aarch64.rpm","samba-winbind-modules-4.11.12-32.oe1.aarch64.rpm","samba-help-4.11.12-32.oe1.aarch64.rpm","samba-dc-bind-dlz-4.11.12-32.oe1.aarch64.rpm","samba-debugsource-4.11.12-32.oe1.aarch64.rpm","samba-client-4.11.12-32.oe1.aarch64.rpm","libsmbclient-devel-4.11.12-32.oe1.aarch64.rpm","python3-samba-dc-4.11.12-32.oe1.aarch64.rpm","python3-samba-test-4.11.12-32.oe1.aarch64.rpm","python3-samba-4.11.12-32.oe1.aarch64.rpm","samba-common-tools-4.11.12-32.oe1.aarch64.rpm","samba-libs-4.11.12-32.oe1.aarch64.rpm","samba-common-4.11.12-32.oe1.aarch64.rpm","samba-dc-provision-4.11.12-32.oe1.aarch64.rpm"],"noarch":["samba-pidl-4.11.12-32.oe1.noarch.rpm"],"src":["samba-4.11.12-32.oe1.src.rpm"],"x86_64":["samba-4.11.12-32.oe1.x86_64.rpm","python3-samba-4.11.12-32.oe1.x86_64.rpm","samba-winbind-clients-4.11.12-32.oe1.x86_64.rpm","samba-dc-4.11.12-32.oe1.x86_64.rpm","libwbclient-devel-4.11.12-32.oe1.x86_64.rpm","samba-debuginfo-4.11.12-32.oe1.x86_64.rpm","libsmbclient-4.11.12-32.oe1.x86_64.rpm","samba-vfs-glusterfs-4.11.12-32.oe1.x86_64.rpm","samba-winbind-modules-4.11.12-32.oe1.x86_64.rpm","samba-help-4.11.12-32.oe1.x86_64.rpm","samba-devel-4.11.12-32.oe1.x86_64.rpm","samba-libs-4.11.12-32.oe1.x86_64.rpm","samba-common-4.11.12-32.oe1.x86_64.rpm","samba-krb5-printing-4.11.12-32.oe1.x86_64.rpm","samba-debugsource-4.11.12-32.oe1.x86_64.rpm","samba-winbind-4.11.12-32.oe1.x86_64.rpm","samba-dc-provision-4.11.12-32.oe1.x86_64.rpm","samba-dc-bind-dlz-4.11.12-32.oe1.x86_64.rpm","samba-common-tools-4.11.12-32.oe1.x86_64.rpm","samba-client-4.11.12-32.oe1.x86_64.rpm","python3-samba-dc-4.11.12-32.oe1.x86_64.rpm","ctdb-tests-4.11.12-32.oe1.x86_64.rpm","python3-samba-test-4.11.12-32.oe1.x86_64.rpm","ctdb-4.11.12-32.oe1.x86_64.rpm","libwbclient-4.11.12-32.oe1.x86_64.rpm","samba-winbind-krb5-locator-4.11.12-32.oe1.x86_64.rpm","samba-test-4.11.12-32.oe1.x86_64.rpm","libsmbclient-devel-4.11.12-32.oe1.x86_64.rpm"]}}],"references":[{"type":"ADVISORY","url":"https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1753"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2023-4091"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2023-42669"}],"database_specific":{"severity":"Medium"}}