6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
6.8 Medium
AI Score
Confidence
High
0.002 Low
EPSS
Percentile
52.0%
Samba is available on IBM i to provide file system access. Samba could allow an attacker to bypass security restrictions due to a flaw as described in the vulnerability details section. IBM i has addressed the vulnerability in the Samba implementation by providing a fix as described in the remediation/fixes section.
CVEID:CVE-2023-4091
**DESCRIPTION:**Samba could allow a remote authenticated attacker to bypass security restrictions, caused by a flaw when using the acl_xattr Samba VFS module with the smb.conf setting “acl_xattr:ignore system acls = yes”. By sending a specially crafted request, an attacker could exploit this vulnerability to truncate files to 0 bytes.
CVSS Base score: 8.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/268588 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
Affected Product(s) | Version(s) |
---|---|
IBM i | 7.4 |
IBM i | 7.3 |
IBM i | 7.2 |
The issues can be fixed by applying a PTF to IBM i. IBM i releases 7.4, 7.3, and 7.2 will be fixed.
The IBM i PTF number for 5770-SS1 contains the fix for the vulnerability.
IBM i Release | 5770-SS1 | PTF Download Link |
---|---|---|
7.4 | SI85145 | <https://www.ibm.com/support/pages/ptf/SI85145> |
7.3 | SI85144 | <https://www.ibm.com/support/pages/ptf/SI85144> |
7.2 | SI85143 | <https://www.ibm.com/support/pages/ptf/SI85143> |
https://www.ibm.com/support/fixcentral
_Important note: _IBM recommends that all users running unsupported versions of affected products upgrade to supported and fixed version of affected products.
None
6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
6.8 Medium
AI Score
Confidence
High
0.002 Low
EPSS
Percentile
52.0%