CVSS3 metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Privileges Required | NONE |
User Interaction | NONE |
Scope | UNCHANGED |
Confidentiality Impact | HIGH |
Integrity Impact | HIGH |
Availability Impact | HIGH |

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Score | Value |
---|---|
AI Score Confidence | High |
EPSS Percentile | 53.8% |

A path traversal vulnerability was identified in Samba when processing
client pipe names connecting to Unix domain sockets within a private
directory. Samba typically uses this mechanism to connect SMB clients to
remote procedure call (RPC) services like SAMR, LSA or SPOOLSS, which Samba
initiates on demand. However, incoming client pipe names are inadequately
sanitized, which allows a client to send a pipe name containing Unix
directory traversal characters (../). This could result in SMB clients
connecting as root to Unix domain sockets outside the private directory. If
an attacker or client managed to send a pipe name resolving to an external
service using an existing Unix domain socket, it could potentially lead to
unauthorized access to the service and consequential adverse events,
including compromise or service crashes.
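
The check that was missing, as an added example (not Samba's code or its actual patch): a pipe name is accepted only if it is a single path component before it is joined to the private directory. The directory path, function names and sample pipe names are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/un.h>

/* Hypothetical private directory; the real Samba path is not given on the page. */
#define PRIVATE_PIPE_DIR "/var/lib/example/private/np"

/* Return 1 only if the client-supplied name is one plain path component. */
static int pipe_name_is_safe(const char *name)
{
    if (name == NULL || name[0] == '\0')
        return 0;
    if (strcmp(name, ".") == 0 || strcmp(name, "..") == 0)
        return 0;
    /* Any '/' lets the name climb out of, or descend below, the directory. */
    if (strchr(name, '/') != NULL)
        return 0;
    return 1;
}

/* Fill addr with the socket path for a pipe: 0 on success, -1 if rejected. */
int pipe_socket_addr(const char *client_pipe_name, struct sockaddr_un *addr)
{
    int n;

    if (!pipe_name_is_safe(client_pipe_name))
        return -1;
    memset(addr, 0, sizeof(*addr));
    addr->sun_family = AF_UNIX;
    n = snprintf(addr->sun_path, sizeof(addr->sun_path), "%s/%s",
                 PRIVATE_PIPE_DIR, client_pipe_name);
    /* Reject truncation: a cut-off path could name a different socket. */
    if (n < 0 || (size_t)n >= sizeof(addr->sun_path))
        return -1;
    return 0;
}

int main(void)
{
    /* Constructed sample names, not taken from the advisory. */
    const char *samples[] = { "samr", "lsarpc", "../../run/other.sock", "a/b", ".." };
    struct sockaddr_un addr;

    for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
        int rc = pipe_socket_addr(samples[i], &addr);
        printf("%-24s -> %s\n", samples[i], rc == 0 ? addr.sun_path : "rejected");
    }
    return 0;
}
```
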
Author | Note |
---|---|
mdeslaur | 4.16.x only |