ALAS2023-2023-416 --- samba
ID: oval:org.secpod.oval:def:19500480 | Date: (C)2024-01-04 (M)2024-04-29 |
Class: PATCH | Family: unix |
Samba is vulnerable to path traversal due to insufficient sanitization of incoming client pipe names. This can lead to the client connecting as root to a Unix domain socket outside of the Samba private directory. An SMB client can truncate files to 0 bytes by opening files with OVERWRITE disposition when using the acl_xattr Samba VFS module with the smb.conf setting "acl_xattr:ignore system acls = yes".
Platform: |
Amazon Linux 2023 |
Product: |
samba |
libnetapi |
python3-samba |
libsmbclient |
libwbclient |