#VU81875 Improper Authorization in Samba


Published: 2023-10-11

Vulnerability identifier: #VU81875

Vulnerability risk: High

CVSSv3.1: 7.9 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-3961

CWE-ID: CWE-285

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
Samba
Server applications / Directory software, identity management

Vendor: Samba

Description

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to improper input validation when handling client pipe names. A remote attacker can provide a specially crafted pipe name containing directory traversal characters and force Samba to connect to Unix domain sockets outside of the private directory meant to restrict the services a client could connect to. The connection to Unix domain sockets is performed as root, which means that if a client sends a pipe name that resolves to an external service using an existing Unix domain socket, the client is able to connect to it without any filesystem restrictions.
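
An added illustration of the kind of check the description implies, not Samba's code or its actual fix: a client pipe name is accepted only as a single path component before it is joined to the private socket directory. NP_DIR, the function names, the 64-byte length limit and the sample names are assumptions made for this example.

```c
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/un.h>

/* Constructed private socket directory for the example; not Samba's real path. */
#define NP_DIR "/run/example/np"

/* Accept only a single, non-empty path component (hypothetical helper). */
static int pipe_name_is_safe(const char *name)
{
    size_t len = strlen(name);

    if (len == 0 || len > 64)
        return 0;
    if (strcmp(name, ".") == 0 || strcmp(name, "..") == 0)
        return 0;
    /* Any separator would let the joined path resolve outside NP_DIR. */
    if (strchr(name, '/') != NULL || strchr(name, '\\') != NULL)
        return 0;
    return 1;
}

/* Fill addr for NP_DIR/name; returns 0 on success, -1 if the name is rejected. */
int build_pipe_sockaddr(const char *name, struct sockaddr_un *addr)
{
    int n;

    if (name == NULL || addr == NULL || !pipe_name_is_safe(name))
        return -1;
    memset(addr, 0, sizeof(*addr));
    addr->sun_family = AF_UNIX;
    n = snprintf(addr->sun_path, sizeof(addr->sun_path), "%s/%s", NP_DIR, name);
    if (n < 0 || (size_t)n >= sizeof(addr->sun_path))
        return -1;   /* never connect to a truncated path */
    return 0;
}

int main(void)
{
    /* Constructed sample pipe names: one plain name, two with traversal. */
    const char *samples[] = { "lsarpc", "../../other.sock", ".." };
    struct sockaddr_un addr;

    for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
        int rc = build_pipe_sockaddr(samples[i], &addr);
        printf("%-20s -> %s\n", samples[i], rc == 0 ? addr.sun_path : "rejected");
    }
    return 0;
}
```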

Mitigation
Install updates from vendor's website.

Vulnerable software versions

Samba: 4.19.0, 4.18.0 - 4.18.7, 4.17.0 - 4.17.11, 4.16.0 - 4.16.11


External links
http://www.samba.org/samba/security/CVE-2023-3961.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

