Loading HuntDB...
Hunt
Vulnerability Intelligence by wss.sh
Home Daily Briefings High Impact CVEs Recent Exploits KEV Catalog GitHub Advisories Latest Updates Security News
Sign In Sign Up

CVE-2023-3961

UNKNOWN
Published 2023-11-03T12:32:29.558Z
Actions:

Expert Analysis

Professional remediation guidance

Get tailored security recommendations from our analyst team for CVE-2023-3961. We'll provide specific mitigation strategies based on your environment and risk profile.

CVSS Score

V3.1
9.1
/10
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
Base Score Metrics
Exploitability: N/A Impact: N/A

EPSS Score

v2023.03.01
0.004
probability
of exploitation in the wild

There is a 0.4% chance that this vulnerability will be exploited in the wild within the next 30 days.

Updated: 2025-01-25
Exploit Probability
Percentile: 0.738
Higher than 73.8% of all CVEs

Attack Vector Metrics

Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED

Impact Metrics

Confidentiality
NONE
Integrity
HIGH
Availability
HIGH

Description

A path traversal vulnerability was identified in Samba when processing client pipe names connecting to Unix domain sockets within a private directory. Samba typically uses this mechanism to connect SMB clients to remote procedure call (RPC) services like SAMR LSA or SPOOLSS, which Samba initiates on demand. However, due to inadequate sanitization of incoming client pipe names, allowing a client to send a pipe name containing Unix directory traversal characters (../). This could result in SMB clients connecting as root to Unix domain sockets outside the private directory. If an attacker or client managed to send a pipe name resolving to an external service using an existing Unix domain socket, it could potentially lead to unauthorized access to the service and consequential adverse events, including compromise or service crashes.

Available Exploits

No exploits available for this CVE.

Related News

No news articles found for this CVE.

Affected Products

Red Hat

Red Hat Enterprise Linux 8

Affected Versions:

0:4.18.6-2.el8_9
Red Hat

Red Hat Enterprise Linux 8

Affected Versions:

0:4.18.6-2.el8_9
Red Hat

Red Hat Enterprise Linux 8.6 Extended Update Support

Affected Versions:

0:4.15.5-13.el8_6
Red Hat

Red Hat Enterprise Linux 8.8 Extended Update Support

Affected Versions:

0:4.17.5-4.el8_8
Red Hat

Red Hat Enterprise Linux 9

Affected Versions:

0:4.18.6-101.el9_3
Red Hat

Red Hat Enterprise Linux 9

Affected Versions:

0:4.18.6-101.el9_3
Red Hat

Red Hat Enterprise Linux 9.0 Extended Update Support

Affected Versions:

0:4.15.5-111.el9_0
Red Hat

Red Hat Enterprise Linux 9.2 Extended Update Support

Affected Versions:

0:4.17.5-104.el9_2
Red Hat

Red Hat Virtualization 4 for Red Hat Enterprise Linux 8

Affected Versions:

0:4.15.5-13.el8_6
Red Hat

Red Hat Enterprise Linux 6

Red Hat

Red Hat Enterprise Linux 6

Red Hat

Red Hat Enterprise Linux 7

Red Hat

Red Hat Storage 3

GitHub Security Advisories

Community-driven vulnerability intelligence from GitHub

⚠ Unreviewed MODERATE

GHSA-8m6h-6qw7-f6cg

Advisory Details

A path traversal vulnerability was identified in Samba when processing client pipe names connecting to Unix domain sockets within a private directory. Samba typically uses this mechanism to connect SMB clients to remote procedure call (RPC) services like SAMR LSA or SPOOLSS, which Samba initiates on demand. However, due to inadequate sanitization of incoming client pipe names, allowing a client to send a pipe name containing Unix directory traversal characters (../). This could result in SMB clients connecting as root to Unix domain sockets outside the private directory. If an attacker or client managed to send a pipe name resolving to an external service using an existing Unix domain socket, it could potentially lead to unauthorized access to the service and consequential adverse events, including compromise or service crashes.

CVSS Scoring

CVSS Score

5.0

CVSS Vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:L

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2023-3961
WEB https://access.redhat.com/errata/RHSA-2023:6209
WEB https://access.redhat.com/errata/RHSA-2023:6744
WEB https://access.redhat.com/errata/RHSA-2023:7371
WEB https://access.redhat.com/errata/RHSA-2023:7408
WEB https://access.redhat.com/errata/RHSA-2023:7464
WEB https://access.redhat.com/errata/RHSA-2023:7467
WEB https://access.redhat.com/security/cve/CVE-2023-3961
WEB https://bugzilla.redhat.com/show_bug.cgi?id=2241881
WEB https://bugzilla.samba.org/show_bug.cgi?id=15422
WEB https://lists.fedoraproject.org/archives/list/[email protected]/message/ZUMVALLFFDFC53JZMUWA6HPD7HUGAP5I
WEB https://security.netapp.com/advisory/ntap-20231124-0002
WEB https://www.samba.org/samba/security/CVE-2023-3961.html

Advisory provided by GitHub Security Advisory Database. Published: November 3, 2023, Modified: September 16, 2024

References

https://access.redhat.com/errata/RHSA-2023:6209
https://access.redhat.com/errata/RHSA-2023:6744
https://access.redhat.com/errata/RHSA-2023:7371
https://access.redhat.com/errata/RHSA-2023:7408
https://access.redhat.com/errata/RHSA-2023:7464
https://access.redhat.com/errata/RHSA-2023:7467
https://access.redhat.com/security/cve/CVE-2023-3961
https://bugzilla.redhat.com/show_bug.cgi?id=2241881
https://bugzilla.samba.org/show_bug.cgi?id=15422
https://www.samba.org/samba/security/CVE-2023-3961.html
Published: 2023-11-03T12:32:29.558Z
Last Modified: 2024-11-23T02:00:36.164Z
Copied to clipboard!