The Samba-Bugzilla – Attachment 17937 Details for
Bug 15388
[SECURITY] CVE-2023-34968: Spotlight server-side Share Path Disclosure
Advisory v4: CVE-2023-34968-security_advisory.txt (text/plain), 2.71 KB, created by Ralph Böhme on 2023-06-23 05:58:31 UTC

TODO: $VERSION

===========================================================
== Subject:     Spotlight server-side Share Path Disclosure
==
== CVE ID#:     CVE-2023-34968
==
== Versions:    All versions of Samba prior to $VERSION
==
== Summary:     As part of the Spotlight protocol Samba
==              discloses the server-side absolute path of
==              shares and files and directories in search
==              results.
===========================================================

===========
Description
===========

As part of the Spotlight protocol, the initial request
returns a path associated with the sharename targeted by
the RPC request. Samba returns the real server-side share
path at this point, as well as returning the absolute
server-side path of results in search queries by clients.

Known server side paths could be used to mount subsequent
more serious security attacks or could disclose confidential
information that is part of the path.

To mitigate the issue, Samba will replace the real server-side
path with a fake path constructed from the sharename.

Important change in mdscli RPC library and mdsearch command
-----------------------------------------------------------

As the absolute paths starting with the sharename prefix are
not usable on the client side, the mdscli RPC library and
hence the mdsearch command will from now on report paths of
search results as relative paths relative to the root of the
SMB share.

Given a share

  [spotlight]
      path = /foo/bar
      spotlight = yes

and a file inside this share with a full server-side path of

  /foo/bar/dir/file

previously a search that matched this file would return the
absolute server-side path of the file

  /foo/bar/dir/file

which is now changed to

  dir/file

by this patchset.

==================
Patch Availability
==================

Patches addressing both these issues have been posted to:

    https://www.samba.org/samba/security/

Additionally, Samba $VERSIONS have been issued
as security releases to correct the defect. Samba administrators are
advised to upgrade to these releases or apply the patch as soon
as possible.

==================
CVSSv3 calculation
==================

CVSS 3.0: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N (5.3)

==========
Workaround
==========

As a possible workaround disable Spotlight by removing all
configuration stanzas that enable Spotlight ("spotlight =
yes|true").

=======
Credits
=======

Originally reported by Ralph Boehme and Stefan Metzmacher
of SerNet and the Samba team.

Patches provided by Ralph Boehme of SerNet and the Samba
team.

==========================================================
== Our Code, Our Bugs, Our Responsibility.
== The Samba Team
==========================================================
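
To apply the workaround above, an administrator first has to find every share where Spotlight ends up enabled, including shares that inherit the setting from [global]. The following is an added example, not part of the advisory or of Samba's code: a small smb.conf reader that lists those shares. It assumes a single file without `include` or `copy` directives, and the sample configuration is constructed.

```python
import re

# Advisory names yes|true; "on" and "1" are assumed equivalent spellings.
TRUE_VALUES = {"yes", "true", "on", "1"}

def parse_smb_conf(text):
    """Return {section: {param: value}} with names normalised."""
    sections, current, pending = {}, None, ""
    for raw in text.splitlines():
        line = pending + raw.strip()
        pending = ""
        if line.endswith("\\"):           # trailing backslash continues the line
            pending = line[:-1]
            continue
        if not line or line[0] in "#;":   # blank lines and comments
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            current = header.group(1).strip().lower()
            sections.setdefault(current, {})
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            # smb.conf parameter names ignore case and whitespace
            key = re.sub(r"\s+", "", key).lower()
            sections[current][key] = value.strip()
    return sections

def spotlight_shares(text):
    """List (share, path) pairs where Spotlight is enabled, honouring [global]."""
    conf = parse_smb_conf(text)
    default = conf.get("global", {}).get("spotlight", "no")
    return [(name, params.get("path", "")) for name, params in conf.items()
            if name != "global"
            and params.get("spotlight", default).lower() in TRUE_VALUES]

# Constructed sample, built around the share shown in the advisory.
SAMPLE = """
[spotlight]
    path = /foo/bar
    spotlight = yes
[docs]
    path = /srv/docs
    Spot Light = True
[scratch]
    path = /srv/scratch
    ; spotlight = yes
"""

print(spotlight_shares(SAMPLE))
```

A share listed here stays exposed to the path disclosure until Spotlight is disabled on it or the server is upgraded to a fixed release.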
Flags: jra: review+