CVE-2023-4091
Summary
A vulnerability in Samba, identified as CVE-2023-4091, allows SMB clients to truncate files to which they hold only read permission. The problem arises when the 'acl_xattr' VFS module is configured to ignore system ACLs: a client that opens a file with an overwriting create disposition has the file truncated even though the permissions the server records for that client do not allow writing.
IFF Assessment
This vulnerability allows unauthorized file truncation, posing a risk to data integrity and availability for organizations using Samba.
Severity
Defender Context
This vulnerability affects Samba deployments that load the 'acl_xattr' VFS module configured to ignore system ACLs; deployments that keep system ACL enforcement are not affected by this path. Defenders should review their Samba configurations for that setting, update Samba to a patched version, and apply stricter share-level access controls to reduce the risk of unauthorized file truncation.
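The review the Defender Context recommends can be scripted. The following POSIX shell script is an added example written for this page, not Samba's own tooling: it reads an smb.conf-style file and lists the shares whose effective settings both load the 'acl_xattr' VFS module and enable the 'acl_xattr:ignore system acls' option (the real Samba parameter name for the behaviour the advisory describes). It assumes a simplified smb.conf layout, with one '[section]' per line, 'key = value' settings and '#' or ';' comments, and that settings in '[global]' apply to every share unless the share overrides them. The sample configuration at the top is constructed for offline demonstration.

```shell
#!/bin/sh
# Added example (not from the advisory): flag smb.conf shares where the
# acl_xattr VFS module is loaded with "ignore system acls" enabled.
# Assumes a simplified smb.conf layout: one "[section]" per line,
# "key = value" settings, '#' or ';' comments, and [global] defaults
# inherited by every share unless the share sets the key itself.

# Constructed sample configuration for offline demonstration.
SAMPLE_SMB_CONF='[global]
   workgroup = EXAMPLE
   vfs objects = acl_xattr

[projects]
   path = /srv/projects
   read only = no
   acl_xattr:ignore system acls = yes

[public]
   path = /srv/public
   acl_xattr:ignore system acls = no
'

# Read configuration text from stdin and print, one per line, the names of
# shares whose effective "vfs objects" includes acl_xattr and whose
# effective "acl_xattr:ignore system acls" is yes/true/1.
flag_risky_shares() {
    awk '
        # Trim surrounding whitespace and lowercase a key or value.
        function norm(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return tolower(s) }
        /^[ \t]*[#;]/ { next }                      # skip comment lines
        /^[ \t]*\[.*\][ \t]*$/ {                    # section header
            sec = $0; sub(/^[ \t]*\[/, "", sec); sub(/\][ \t]*$/, "", sec)
            order[++n] = sec
            next
        }
        /=/ {                                       # key = value setting
            key = norm(substr($0, 1, index($0, "=") - 1))
            val = norm(substr($0, index($0, "=") + 1))
            cfg[sec, key] = val
        }
        END {
            for (i = 1; i <= n; i++) {
                s = order[i]
                if (s == "global") continue
                # Share-level setting wins; otherwise fall back to [global].
                vfs = ((s, "vfs objects") in cfg) ? cfg[s, "vfs objects"] : cfg["global", "vfs objects"]
                ign = ((s, "acl_xattr:ignore system acls") in cfg) ? cfg[s, "acl_xattr:ignore system acls"] : cfg["global", "acl_xattr:ignore system acls"]
                # Pad with spaces so "acl_xattr" matches as a whole module name.
                if (index(" " vfs " ", " acl_xattr ") && (ign == "yes" || ign == "true" || ign == "1"))
                    print s
            }
        }
    '
}

# Usage: run against the constructed sample; on a real host pipe in
# /etc/samba/smb.conf (or the output of "testparm -s") instead.
printf '%s' "$SAMPLE_SMB_CONF" | flag_risky_shares
```

On the constructed sample only the 'projects' share is reported: it inherits 'vfs objects = acl_xattr' from '[global]' and sets the ignore option itself, while 'public' explicitly turns it off. Any share the script lists is one to prioritise for the Samba update or for tightening its share-level access controls.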