CVE-2023-3961
Description
RHSA-2023:7467: samba security update (Moderate)
Predictions
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Mitigation details
Description samba: smbd allows client access to unix domain sockets on the file system as root Red Hat statement Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability. CVSS v3: 9.1โฆ
Workaround
for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
Description
samba: smbd allows client access to unix domain sockets on the file system as root
Red Hat statement
Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
CVSS v3: 9.1 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H)
Errata / fixed releases
| Product | Package | Advisory | Released |
|---|---|---|---|
| Red Hat Enterprise Linux 8 | samba-0:4.18.6-2.el8_9 | RHSA-2023:7467 | 2023-11-22T00:00:00Z |
| Red Hat Enterprise Linux 8 | samba-0:4.18.6-2.el8_9 | RHSA-2023:7467 | 2023-11-22T00:00:00Z |
| Red Hat Enterprise Linux 8.6 Extended Update Support | samba-0:4.15.5-13.el8_6 | RHSA-2023:7408 | 2023-11-21T00:00:00Z |
| Red Hat Enterprise Linux 8.8 Extended Update Support | samba-0:4.17.5-4.el8_8 | RHSA-2023:7464 | 2023-11-22T00:00:00Z |
| Red Hat Enterprise Linux 9 | samba-0:4.18.6-101.el9_3 | RHSA-2023:6744 | 2023-11-07T00:00:00Z |
| Red Hat Enterprise Linux 9 | samba-0:4.18.6-101.el9_3 | RHSA-2023:6744 | 2023-11-07T00:00:00Z |
| Red Hat Enterprise Linux 9.0 Extended Update Support | samba-0:4.15.5-111.el9_0 | RHSA-2023:6209 | 2023-10-31T00:00:00Z |
| Red Hat Enterprise Linux 9.2 Extended Update Support | samba-0:4.17.5-104.el9_2 | RHSA-2023:7371 | 2023-11-21T00:00:00Z |
| Red Hat Virtualization 4 for Red Hat Enterprise Linux 8 | samba-0:4.15.5-13.el8_6 | RHSA-2023:7408 | 2023-11-21T00:00:00Z |
Package state
| Product | Package | State |
|---|---|---|
| Red Hat Enterprise Linux 6 | samba | Not affected |
| Red Hat Enterprise Linux 6 | samba4 | Not affected |
| Red Hat Enterprise Linux 7 | samba | Not affected |
| Red Hat Storage 3 | samba | Out of support scope |
Apply commands
yum update -y samba
# or:
dnf upgrade -y sambaAffected
| Vendor | Product | Version |
|---|---|---|
| redhat | Red Hat Enterprise Linux 6 | Not affected |
| redhat | Red Hat Enterprise Linux 6 | Not affected |
| redhat | Red Hat Enterprise Linux 7 | Not affected |
OS impact
SUSE Affected 1 release
| Version | Status | Fixed in |
|---|---|---|
| โ | Affected | โ |
AlmaLinux Fixed 2 releases
| Version | Status | Fixed in |
|---|---|---|
| 9 | Fixed | samba-vfs-iouring-4.18.6-101.el9_3.alma.1.aarch64.rpm |
| 8 | Fixed | samba-common-4.18.6-2.el8_9.alma.1.noarch.rpm |
Debian Fixed 5 releases
| Version | Status | Fixed in |
|---|---|---|
| trixie | Fixed | 2:4.19.1+dfsg-1 |
| sid | Fixed | 2:4.19.1+dfsg-1 |
| forky | Fixed | 2:4.19.1+dfsg-1 |
| bullseye | Fixed | 0 |
| bookworm | Fixed | 2:4.17.12+dfsg-0+deb12u1 |
Red Hat Fixed 2 releases
| Version | Status | Fixed in |
|---|---|---|
| 9 | Fixed | โ |
| 8 | Fixed | โ |
References
- https://access.redhat.com/errata/RHSA-2023:6744
- https://www.suse.com/security/cve/CVE-2023-3961.html
- https://security-tracker.debian.org/tracker/CVE-2023-3961
- https://access.redhat.com/errata/RHSA-2023:7467
- https://bugzilla.redhat.com/2241881
- https://bugzilla.redhat.com/2241882
- https://bugzilla.redhat.com/2241884
- https://errata.almalinux.org/8/ALSA-2023-7467.html
- https://errata.almalinux.org/9/ALSA-2023-6744.html
Community-verified mitigations for this CVE will appear above when contributors publish them.
Verify integrity in audit chain (admin only). AS-IS.