jiachao2130/cvrf2cusa
1
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
d1132d88d2
cvrf2cusa/cvrf/2023/cvrf-openEuler-SA-2023-1755.xml
Jia Chao 0b34274085 git mv 
Signed-off-by: Jia Chao <jiac13@chinaunicom.cn>
2024-07-25 09:57:37 +08:00

186 lines
16 KiB
XML
Raw Blame History

<?xml version="1.0" encoding="UTF-8"?>
<cvrfdoc xmlns="http://www.icasi.org/CVRF/schema/cvrf/1.1" xmlns:cvrf="http://www.icasi.org/CVRF/schema/cvrf/1.1">
<DocumentTitle xml:lang="en">An update for samba is now available for openEuler-22.03-LTS</DocumentTitle>
<DocumentType>Security Advisory</DocumentType>
<DocumentPublisher Type="Vendor">
<ContactDetails>openeuler-security@openeuler.org</ContactDetails>
<IssuingAuthority>openEuler security committee</IssuingAuthority>
</DocumentPublisher>
<DocumentTracking>
<Identification>
<ID>openEuler-SA-2023-1755</ID>
</Identification>
<Status>Final</Status>
<Version>1.0</Version>
<RevisionHistory>
<Revision>
<Number>1.0</Number>
<Date>2023-10-20</Date>
<Description>Initial</Description>
</Revision>
</RevisionHistory>
<InitialReleaseDate>2023-10-20</InitialReleaseDate>
<CurrentReleaseDate>2023-10-20</CurrentReleaseDate>
<Generator>
<Engine>openEuler SA Tool V1.0</Engine>
<Date>2023-10-20</Date>
</Generator>
</DocumentTracking>
<DocumentNotes>
<Note Title="Synopsis" Type="General" Ordinal="1" xml:lang="en">samba security update</Note>
<Note Title="Summary" Type="General" Ordinal="2" xml:lang="en">An update for samba is now available for openEuler-22.03-LTS.</Note>
<Note Title="Description" Type="General" Ordinal="3" xml:lang="en">Samba is a suite of programs for Linux and Unix to interoperate with Windows.
Security Fix(es):
A vulnerability was discovered in Samba, where the flaw allows SMB clients to truncate files, even with read-only permissions when the Samba VFS module &quot;acl_xattr&quot; is configured with &quot;acl_xattr:ignore system acls = yes&quot;. The SMB protocol allows opening files when the client requests read-only access but then implicitly truncates the opened file to 0 bytes if the client specifies a separate OVERWRITE create disposition request. The issue arises in configurations that bypass kernel file system permissions checks, relying solely on Samba&apos;s permissions.(CVE-2023-4091)
A vulnerability was found in Samba&apos;s &quot;rpcecho&quot; development server, a non-Windows RPC server used to test Samba&apos;s DCE/RPC stack elements. This vulnerability stems from an RPC function that can be blocked indefinitely. The issue arises because the &quot;rpcecho&quot; service operates with only one worker in the main RPC task, allowing calls to the &quot;rpcecho&quot; server to be blocked for a specified time, causing service disruptions. This disruption is triggered by a &quot;sleep()&quot; call in the &quot;dcesrv_echo_TestSleep()&quot; function under specific conditions. Authenticated users or attackers can exploit this vulnerability to make calls to the &quot;rpcecho&quot; server, requesting it to block for a specified duration, effectively disrupting most services and leading to a complete denial of service on the AD DC. The DoS affects all other services as &quot;rpcecho&quot; runs in the main RPC task.(CVE-2023-42669)</Note>
<Note Title="Topic" Type="General" Ordinal="4" xml:lang="en">An update for samba is now available for openEuler-22.03-LTS.
openEuler Security has rated this update as having a security impact of medium. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.</Note>
<Note Title="Severity" Type="General" Ordinal="5" xml:lang="en">Medium</Note>
<Note Title="Affected Component" Type="General" Ordinal="6" xml:lang="en">samba</Note>
</DocumentNotes>
<DocumentReferences>
<Reference Type="Self">
<URL>https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1755</URL>
</Reference>
<Reference Type="openEuler CVE">
<URL>https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2023-4091</URL>
<URL>https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2023-42669</URL>
</Reference>
<Reference Type="Other">
<URL>https://nvd.nist.gov/vuln/detail/CVE-2023-4091</URL>
<URL>https://nvd.nist.gov/vuln/detail/CVE-2023-42669</URL>
</Reference>
</DocumentReferences>
<ProductTree xmlns="http://www.icasi.org/CVRF/schema/prod/1.1">
<Branch Type="Product Name" Name="openEuler">
<FullProductName ProductID="openEuler-22.03-LTS" CPE="cpe:/a:openEuler:openEuler:22.03-LTS">openEuler-22.03-LTS</FullProductName>
</Branch>
<Branch Type="Package Arch" Name="aarch64">
<FullProductName ProductID="samba-debugsource-4.15.3-23" CPE="cpe:/a:openEuler:openEuler:22.03-LTS">samba-debugsource-4.15.3-23.oe2203.aarch64.rpm</FullProductName>
<FullProductName ProductID="ctdb-4.15.3-23" CPE="cpe:/a:openEuler:openEuler:22.03-LTS">ctdb-4.15.3-23.oe2203.aarch64.rpm</FullProductName>
<FullProductName ProductID="samba-help-4.15.3-23" CPE="cpe:/a:openEuler:openEuler:22.03-LTS">samba-help-4.15.3-23.oe2203.aarch64.rpm</FullProductName>
<FullProductName ProductID="libsmbclient-devel-4.15.3-23" CPE="cpe:/a:openEuler:openEuler:22.03-LTS">libsmbclient-devel-4.15.3-23.oe2203.aarch64.rpm</FullProductName>
<FullProductName ProductID="libsmbclient-4.15.3-23" CPE="cpe:/a:openEuler:openEuler:22.03-LTS">libsmbclient-4.15.3-23.oe2203.aarch64.rpm</FullProductName>
<FullProductName ProductID="samba-common-tools-4.15.3-23" CPE="cpe:/a:openEuler:openEuler:22.03-LTS">samba-common-tools-4.15.3-23.oe2203.aarch64.rpm</FullProductName>
<FullProductName ProductID="samba-winbind-4.15.3-23" CPE="cpe:/a:openEuler:openEuler:22.03-LTS">samba-winbind-4.15.3-23.oe2203.aarch64.rpm</FullProductName>
<FullProductName ProductID="samba-winbind-clients-4.15.3-23" CPE="cpe:/a:openEuler:openEuler:22.03-LTS">samba-winbind-clients-4.15.3-23.oe2203.aarch64.rpm</FullProductName>
<FullProductName ProductID="samba-winbind-modules-4.15.3-23" CPE="cpe:/a:openEuler:openEuler:22.03-LTS">samba-winbind-modules-4.15.3-23.oe2203.aarch64.rpm</FullProductName>
<FullProductName ProductID="python3-samba-4.15.3-23" CPE="cpe:/a:openEuler:openEuler:22.03-LTS">python3-samba-4.15.3-23.oe2203.aarch64.rpm</FullProductName>
<FullProductName ProductID="python3-samba-test-4.15.3-23" CPE="cpe:/a:openEuler:openEuler:22.03-LTS">python3-samba-test-4.15.3-23.oe2203.aarch64.rpm</FullProductName>
<FullProductName ProductID="samba-libs-4.15.3-23" CPE="cpe:/a:openEuler:openEuler:22.03-LTS">samba-libs-4.15.3-23.oe2203.aarch64.rpm</FullProductName>
<FullProductName ProductID="python3-samba-dc-4.15.3-23" CPE="cpe:/a:openEuler:openEuler:22.03-LTS">python3-samba-dc-4.15.3-23.oe2203.aarch64.rpm</FullProductName>
<FullProductName ProductID="libwbclient-4.15.3-23" CPE="cpe:/a:openEuler:openEuler:22.03-LTS">libwbclient-4.15.3-23.oe2203.aarch64.rpm</FullProductName>
<FullProductName ProductID="samba-4.15.3-23" CPE="cpe:/a:openEuler:openEuler:22.03-LTS">samba-4.15.3-23.oe2203.aarch64.rpm</FullProductName>
<FullProductName ProductID="samba-winbind-krb5-locator-4.15.3-23" CPE="cpe:/a:openEuler:openEuler:22.03-LTS">samba-winbind-krb5-locator-4.15.3-23.oe2203.aarch64.rpm</FullProductName>
<FullProductName ProductID="samba-test-4.15.3-23" CPE="cpe:/a:openEuler:openEuler:22.03-LTS">samba-test-4.15.3-23.oe2203.aarch64.rpm</FullProductName>
<FullProductName ProductID="samba-common-4.15.3-23" CPE="cpe:/a:openEuler:openEuler:22.03-LTS">samba-common-4.15.3-23.oe2203.aarch64.rpm</FullProductName>
<FullProductName ProductID="samba-krb5-printing-4.15.3-23" CPE="cpe:/a:openEuler:openEuler:22.03-LTS">samba-krb5-printing-4.15.3-23.oe2203.aarch64.rpm</FullProductName>
<FullProductName ProductID="samba-dc-provision-4.15.3-23" CPE="cpe:/a:openEuler:openEuler:22.03-LTS">samba-dc-provision-4.15.3-23.oe2203.aarch64.rpm</FullProductName>
<FullProductName ProductID="samba-dc-bind-dlz-4.15.3-23" CPE="cpe:/a:openEuler:openEuler:22.03-LTS">samba-dc-bind-dlz-4.15.3-23.oe2203.aarch64.rpm</FullProductName>
<FullProductName ProductID="samba-client-4.15.3-23" CPE="cpe:/a:openEuler:openEuler:22.03-LTS">samba-client-4.15.3-23.oe2203.aarch64.rpm</FullProductName>
<FullProductName ProductID="samba-devel-4.15.3-23" CPE="cpe:/a:openEuler:openEuler:22.03-LTS">samba-devel-4.15.3-23.oe2203.aarch64.rpm</FullProductName>
<FullProductName ProductID="samba-debuginfo-4.15.3-23" CPE="cpe:/a:openEuler:openEuler:22.03-LTS">samba-debuginfo-4.15.3-23.oe2203.aarch64.rpm</FullProductName>
<FullProductName ProductID="samba-dc-4.15.3-23" CPE="cpe:/a:openEuler:openEuler:22.03-LTS">samba-dc-4.15.3-23.oe2203.aarch64.rpm</FullProductName>
<FullProductName ProductID="libwbclient-devel-4.15.3-23" CPE="cpe:/a:openEuler:openEuler:22.03-LTS">libwbclient-devel-4.15.3-23.oe2203.aarch64.rpm</FullProductName>
</Branch>
<Branch Type="Package Arch" Name="noarch">
<FullProductName ProductID="samba-pidl-4.15.3-23" CPE="cpe:/a:openEuler:openEuler:22.03-LTS">samba-pidl-4.15.3-23.oe2203.noarch.rpm</FullProductName>
</Branch>
<Branch Type="Package Arch" Name="src">
<FullProductName ProductID="samba-4.15.3-23" CPE="cpe:/a:openEuler:openEuler:22.03-LTS">samba-4.15.3-23.oe2203.src.rpm</FullProductName>
</Branch>
<Branch Type="Package Arch" Name="x86_64">
<FullProductName ProductID="samba-client-4.15.3-23" CPE="cpe:/a:openEuler:openEuler:22.03-LTS">samba-client-4.15.3-23.oe2203.x86_64.rpm</FullProductName>
<FullProductName ProductID="samba-4.15.3-23" CPE="cpe:/a:openEuler:openEuler:22.03-LTS">samba-4.15.3-23.oe2203.x86_64.rpm</FullProductName>
<FullProductName ProductID="samba-winbind-krb5-locator-4.15.3-23" CPE="cpe:/a:openEuler:openEuler:22.03-LTS">samba-winbind-krb5-locator-4.15.3-23.oe2203.x86_64.rpm</FullProductName>
<FullProductName ProductID="libsmbclient-4.15.3-23" CPE="cpe:/a:openEuler:openEuler:22.03-LTS">libsmbclient-4.15.3-23.oe2203.x86_64.rpm</FullProductName>
<FullProductName ProductID="python3-samba-4.15.3-23" CPE="cpe:/a:openEuler:openEuler:22.03-LTS">python3-samba-4.15.3-23.oe2203.x86_64.rpm</FullProductName>
<FullProductName ProductID="samba-winbind-4.15.3-23" CPE="cpe:/a:openEuler:openEuler:22.03-LTS">samba-winbind-4.15.3-23.oe2203.x86_64.rpm</FullProductName>
<FullProductName ProductID="samba-winbind-clients-4.15.3-23" CPE="cpe:/a:openEuler:openEuler:22.03-LTS">samba-winbind-clients-4.15.3-23.oe2203.x86_64.rpm</FullProductName>
<FullProductName ProductID="samba-common-4.15.3-23" CPE="cpe:/a:openEuler:openEuler:22.03-LTS">samba-common-4.15.3-23.oe2203.x86_64.rpm</FullProductName>
<FullProductName ProductID="samba-dc-4.15.3-23" CPE="cpe:/a:openEuler:openEuler:22.03-LTS">samba-dc-4.15.3-23.oe2203.x86_64.rpm</FullProductName>
<FullProductName ProductID="libwbclient-devel-4.15.3-23" CPE="cpe:/a:openEuler:openEuler:22.03-LTS">libwbclient-devel-4.15.3-23.oe2203.x86_64.rpm</FullProductName>
<FullProductName ProductID="samba-debugsource-4.15.3-23" CPE="cpe:/a:openEuler:openEuler:22.03-LTS">samba-debugsource-4.15.3-23.oe2203.x86_64.rpm</FullProductName>
<FullProductName ProductID="samba-krb5-printing-4.15.3-23" CPE="cpe:/a:openEuler:openEuler:22.03-LTS">samba-krb5-printing-4.15.3-23.oe2203.x86_64.rpm</FullProductName>
<FullProductName ProductID="samba-devel-4.15.3-23" CPE="cpe:/a:openEuler:openEuler:22.03-LTS">samba-devel-4.15.3-23.oe2203.x86_64.rpm</FullProductName>
<FullProductName ProductID="samba-debuginfo-4.15.3-23" CPE="cpe:/a:openEuler:openEuler:22.03-LTS">samba-debuginfo-4.15.3-23.oe2203.x86_64.rpm</FullProductName>
<FullProductName ProductID="python3-samba-dc-4.15.3-23" CPE="cpe:/a:openEuler:openEuler:22.03-LTS">python3-samba-dc-4.15.3-23.oe2203.x86_64.rpm</FullProductName>
<FullProductName ProductID="python3-samba-test-4.15.3-23" CPE="cpe:/a:openEuler:openEuler:22.03-LTS">python3-samba-test-4.15.3-23.oe2203.x86_64.rpm</FullProductName>
<FullProductName ProductID="libsmbclient-devel-4.15.3-23" CPE="cpe:/a:openEuler:openEuler:22.03-LTS">libsmbclient-devel-4.15.3-23.oe2203.x86_64.rpm</FullProductName>
<FullProductName ProductID="samba-help-4.15.3-23" CPE="cpe:/a:openEuler:openEuler:22.03-LTS">samba-help-4.15.3-23.oe2203.x86_64.rpm</FullProductName>
<FullProductName ProductID="samba-vfs-glusterfs-4.15.3-23" CPE="cpe:/a:openEuler:openEuler:22.03-LTS">samba-vfs-glusterfs-4.15.3-23.oe2203.x86_64.rpm</FullProductName>
<FullProductName ProductID="samba-libs-4.15.3-23" CPE="cpe:/a:openEuler:openEuler:22.03-LTS">samba-libs-4.15.3-23.oe2203.x86_64.rpm</FullProductName>
<FullProductName ProductID="samba-test-4.15.3-23" CPE="cpe:/a:openEuler:openEuler:22.03-LTS">samba-test-4.15.3-23.oe2203.x86_64.rpm</FullProductName>
<FullProductName ProductID="ctdb-4.15.3-23" CPE="cpe:/a:openEuler:openEuler:22.03-LTS">ctdb-4.15.3-23.oe2203.x86_64.rpm</FullProductName>
<FullProductName ProductID="samba-winbind-modules-4.15.3-23" CPE="cpe:/a:openEuler:openEuler:22.03-LTS">samba-winbind-modules-4.15.3-23.oe2203.x86_64.rpm</FullProductName>
<FullProductName ProductID="libwbclient-4.15.3-23" CPE="cpe:/a:openEuler:openEuler:22.03-LTS">libwbclient-4.15.3-23.oe2203.x86_64.rpm</FullProductName>
<FullProductName ProductID="samba-dc-bind-dlz-4.15.3-23" CPE="cpe:/a:openEuler:openEuler:22.03-LTS">samba-dc-bind-dlz-4.15.3-23.oe2203.x86_64.rpm</FullProductName>
<FullProductName ProductID="samba-common-tools-4.15.3-23" CPE="cpe:/a:openEuler:openEuler:22.03-LTS">samba-common-tools-4.15.3-23.oe2203.x86_64.rpm</FullProductName>
<FullProductName ProductID="samba-dc-provision-4.15.3-23" CPE="cpe:/a:openEuler:openEuler:22.03-LTS">samba-dc-provision-4.15.3-23.oe2203.x86_64.rpm</FullProductName>
</Branch>
</ProductTree>
<Vulnerability Ordinal="1" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
<Notes>
<Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">A vulnerability was discovered in Samba, where the flaw allows SMB clients to truncate files, even with read-only permissions when the Samba VFS module acl_xattr is configured with acl_xattr:ignore system acls = yes . The SMB protocol allows opening files when the client requests read-only access but then implicitly truncates the opened file to 0 bytes if the client specifies a separate OVERWRITE create disposition request. The issue arises in configurations that bypass kernel file system permissions checks, relying solely on Samba s permissions.</Note>
</Notes>
<ReleaseDate>2023-10-20</ReleaseDate>
<CVE>CVE-2023-4091</CVE>
<ProductStatuses>
<Status Type="Fixed">
<ProductID>openEuler-22.03-LTS</ProductID>
</Status>
</ProductStatuses>
<Threats>
<Threat Type="Impact">
<Description>Medium</Description>
</Threat>
</Threats>
<CVSSScoreSets>
<ScoreSet>
<BaseScore>6.5</BaseScore>
<Vector>AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N</Vector>
</ScoreSet>
</CVSSScoreSets>
<Remediations>
<Remediation Type="Vendor Fix">
<Description>samba security update</Description>
<DATE>2023-10-20</DATE>
<URL>https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1755</URL>
</Remediation>
</Remediations>
</Vulnerability>
<Vulnerability Ordinal="2" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
<Notes>
<Note Title="Vulnerability Description" Type="General" Ordinal="2" xml:lang="en">A vulnerability was found in Samba s rpcecho development server, a non-Windows RPC server used to test Samba s DCE/RPC stack elements. This vulnerability stems from an RPC function that can be blocked indefinitely. The issue arises because the rpcecho service operates with only one worker in the main RPC task, allowing calls to the rpcecho server to be blocked for a specified time, causing service disruptions. This disruption is triggered by a sleep() call in the dcesrv_echo_TestSleep() function under specific conditions. Authenticated users or attackers can exploit this vulnerability to make calls to the rpcecho server, requesting it to block for a specified duration, effectively disrupting most services and leading to a complete denial of service on the AD DC. The DoS affects all other services as rpcecho runs in the main RPC task.</Note>
</Notes>
<ReleaseDate>2023-10-20</ReleaseDate>
<CVE>CVE-2023-42669</CVE>
<ProductStatuses>
<Status Type="Fixed">
<ProductID>openEuler-22.03-LTS</ProductID>
</Status>
</ProductStatuses>
<Threats>
<Threat Type="Impact">
<Description>Medium</Description>
</Threat>
</Threats>
<CVSSScoreSets>
<ScoreSet>
<BaseScore>6.5</BaseScore>
<Vector>AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H</Vector>
</ScoreSet>
</CVSSScoreSets>
<Remediations>
<Remediation Type="Vendor Fix">
<Description>samba security update</Description>
<DATE>2023-10-20</DATE>
<URL>https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1755</URL>
</Remediation>
</Remediations>
</Vulnerability>
</cvrfdoc>
Reference in New Issue View Git Blame Copy Permalink