PT-2019-4525 · Nexenta+1 · Nexentastor+1

Published: 2019-11-20 · Updated: 2024-11-27 · CVE-2019-9579

CVSS v3.1: 8.1 High

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Name of the Vulnerable Software and Affected Versions

Nexenta NexentaStor versions 4.0.5 through 5.1.2
Illumos (affected versions not specified)

Description

The issue allows an attacker to gain unintended access; for example, an attacker with WRITE XATTR can change permissions. This occurs due to a combination of three factors: ZFS extended attributes are used to implement NT named streams, the SMB protocol requires implementations to have open handle semantics similar to those of NTFS, and the SMB server passes along certain attribute requests to the underlying object.

Recommendations

For Nexenta NexentaStor versions 4.0.5 through 5.1.2, consider restricting access to the SMB server until a patch is available.
For Illumos, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration

Improper Access Control
Incorrect Default Permissions

Related Identifiers

BDU:2020-00540
CVE-2019-9579

Affected Products

Illumos
Nexentastor