{"id":"CVE-2023-4091","summary":"Samba: smb clients can truncate files with read-only permissions","details":"A vulnerability was discovered in Samba, where the flaw allows SMB clients to truncate files, even with read-only permissions when the Samba VFS module \"acl_xattr\" is configured with \"acl_xattr:ignore system acls = yes\". The SMB protocol allows opening files when the client requests read-only access but then implicitly truncates the opened file to 0 bytes if the client specifies a separate OVERWRITE create disposition request. The issue arises in configurations that bypass kernel file system permissions checks, relying solely on Samba's permissions.","modified":"2026-05-15T12:04:58.107268012Z","published":"2023-11-03T07:56:35.611Z","related":["ALSA-2023:6744","ALSA-2023:7467","SUSE-SU-2023:4040-1","SUSE-SU-2023:4046-1","SUSE-SU-2023:4059-1","SUSE-SU-2023:4096-1","USN-6425-3","openSUSE-SU-2024:13332-1"],"database_specific":{"cwe_ids":["CWE-276"],"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/4xxx/CVE-2023-4091.json","cna_assigner":"redhat"},"references":[{"type":"WEB","url":"https://access.redhat.com/downloads/content/package-browser/"},{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2024/04/msg00015.html"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZUMVALLFFDFC53JZMUWA6HPD7HUGAP5I/"},{"type":"WEB","url":"https://www.samba.org/samba/security/CVE-2023-4091.html"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2023:6209"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2023:6744"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2023:7371"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2023:7408"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2023:7464"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2023:7467"},{"type":"ADVISORY","url":"https://access.redhat.com/security/cve/CVE-2023-4091"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/4xxx/CVE-2023-4091.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2023-4091"},{"type":"ADVISORY","url":"https://security.netapp.com/advisory/ntap-20231124-0002/"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2241882"},{"type":"REPORT","url":"https://bugzilla.samba.org/show_bug.cgi?id=15439"}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"}]}
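The record above names the exact configuration that exposes a Samba server to this issue: a share that loads the acl_xattr VFS module with "acl_xattr:ignore system acls = yes", so that Samba alone enforces permissions and an OVERWRITE create disposition on a read-only open can truncate the file. The script below is an added audit example, not Samba project code and not part of the advisory: it parses an smb.conf and lists the shares whose effective settings match that pattern. It assumes Samba's usual semantics that [global] parameters are defaults for every share and a share's own "vfs objects" line replaces the global list, and it does not follow "include" directives or expand %-substitutions. The sample configuration embedded in it is constructed for the demonstration.

```python
"""Audit an smb.conf for the configuration described in CVE-2023-4091.

Added example (not Samba project code). Flags shares whose effective
settings load the acl_xattr VFS module together with
"acl_xattr:ignore system acls = yes". Assumptions: [global] values are
defaults overridden per share, a share-level "vfs objects" replaces the
global list, and the conf uses neither "include" nor %-substitutions
(neither is handled here).
"""
import re

# Constructed sample smb.conf for the demonstration; not taken from the advisory.
SAMPLE_SMB_CONF = """\
[global]
   workgroup = EXAMPLE
   vfs objects = acl_xattr
   acl_xattr:ignore system acls = yes

[docs]
   path = /srv/docs

[public]
   path = /srv/public
   vfs objects = acl_xattr
   acl_xattr:ignore system acls = no

[scratch]
   path = /srv/scratch
   vfs objects = streams_xattr
"""


def _norm_key(key):
    # Samba treats parameter names case-insensitively and ignores internal
    # whitespace ("read only" == "readonly"); normalise so lookups are robust.
    return re.sub(r"\s+", "", key).lower()


def parse_smb_conf(text):
    """Return {section: {normalised_key: value}} for an ini-style smb.conf."""
    sections = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].strip().lower()
            sections.setdefault(current, {})
            continue
        # Split only on '=': parametric options such as
        # "acl_xattr:ignore system acls" carry a ':' inside the key.
        key, sep, value = line.partition("=")
        if not sep or current is None:
            continue  # not a "key = value" line inside a section
        sections[current][_norm_key(key)] = value.strip()
    return sections


def _is_yes(value):
    # Samba accepts yes/true/1 (and no/false/0) for boolean parameters.
    return value.strip().lower() in ("yes", "true", "1")


def effective(sections, share, key, default=""):
    """Per-share value if set, else the [global] default, else `default`."""
    k = _norm_key(key)
    return sections.get(share, {}).get(k, sections.get("global", {}).get(k, default))


def vulnerable_shares(text):
    """Share names whose effective config matches the CVE-2023-4091 pattern."""
    sections = parse_smb_conf(text)
    hits = []
    for share in sections:
        if share == "global":
            continue
        # A share's own "vfs objects" replaces (does not extend) the global list.
        modules = effective(sections, share, "vfs objects").split()
        if "acl_xattr" not in modules:
            continue
        # The documented default for this parametric option is "no".
        if _is_yes(effective(sections, share, "acl_xattr:ignore system acls", "no")):
            hits.append(share)
    return hits


if __name__ == "__main__":
    for share in vulnerable_shares(SAMPLE_SMB_CONF):
        print(f"[{share}] loads acl_xattr with 'ignore system acls = yes'")
```

On the sample, only [docs] is reported: it inherits both the module list and the parametric option from [global], while [public] overrides the option to "no" and [scratch] replaces the module list. A hit means the server relies solely on Samba's permission checks, which is the precondition the advisory describes; the remediation is the patched Samba build from the vendor advisories listed in the record, and the check is meant to prioritise which hosts to update first rather than to substitute for the update.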