CVE-2023-4091

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2023-4091
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-4091.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2023-4091
Downstream
Related
Published
2023-11-03T07:56:35.611Z
Modified
2026-05-15T12:04:58.107268012Z
Severity
  • 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N CVSS Calculator
Summary
Samba: smb clients can truncate files with read-only permissions
Details

A vulnerability was discovered in Samba, where the flaw allows SMB clients to truncate files, even with read-only permissions when the Samba VFS module "aclxattr" is configured with "aclxattr:ignore system acls = yes". The SMB protocol allows opening files when the client requests read-only access but then implicitly truncates the opened file to 0 bytes if the client specifies a separate OVERWRITE create disposition request. The issue arises in configurations that bypass kernel file system permissions checks, relying solely on Samba's permissions.

Database specific 
{
    "cwe_ids": [
        "CWE-276"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/4xxx/CVE-2023-4091.json",
    "cna_assigner": "redhat"
}
References

Affected packages