PT-2023-6455 · Samba+6

Jeremy Allison · Published 2023-10-10 · Updated 2026-02-23 · CVE-2023-3961

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Samba (affected versions not specified)

Description

A path traversal vulnerability was identified in Samba when processing client pipe names connecting to Unix domain sockets within a private directory. This could result in SMB clients connecting as root to Unix domain sockets outside the private directory. If an attacker or client managed to send a pipe name resolving to an external service using an existing Unix domain socket, it could potentially lead to unauthorized access to the service and consequential adverse events, including compromise or service crashes.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

DoS

Path traversal


Weakness Enumeration

Related identifiers

ALSA-2023:6744
ALSA-2023:7467
ALT-PU-2023-6448
ALT-PU-2023-7794
ALT-PU-2024-12484
ALT-PU-2024-14683
AZL-31899
AZL-37024
BDU:2023-07174
CESA-2023_7467
CVE-2023-3961
DSA-5525-1
ECHO-D21D-5352-A8A8
MGASA-2023-0340
OESA-2023-1756
OESA-2023-1757
OPENSUSE-SU-2023_4046-1
OPENSUSE-SU-2024:13332-1
RHSA-2023:6209
RHSA-2023:6744
RHSA-2023:7371
RHSA-2023:7408
RHSA-2023:7464
RHSA-2023:7467
RHSA-2023_6744
RHSA-2023_7467
SUSE-SU-2023:4046-1
SUSE-SU-2023_4046-1

Affected products

ALT Linux
AlmaLinux
CentOS
Red Hat
RED OS
Samba
SUSE