{
  "threat_severity" : "Moderate",
  "public_date" : "2020-10-29T00:00:00Z",
  "bugzilla" : {
    "description" : "samba: Missing handle permissions check in SMB1/2/3 ChangeNotify",
    "id" : "1892631",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1892631"
  },
  "cvss3" : {
    "cvss3_base_score" : "4.3",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
    "status" : "verified"
  },
  "cwe" : "CWE-266",
  "details" : [ "A flaw was found in the way samba handled file and directory permissions. An authenticated user could use this flaw to gain access to certain file and directory information which otherwise would be unavailable to the attacker.", "A flaw was found in the way Samba handled file and directory permissions. This flaw allows an authenticated user to gain access to certain file and directory information, which otherwise would be unavailable. The highest threat from this vulnerability is to confidentiality." ],
  "acknowledgement" : "Red Hat would like to thank the Samba project for reporting this issue. Upstream acknowledges Steven French (Microsoft and the Samba Team) as the original reporter.",
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 7",
    "release_date" : "2020-12-15T00:00:00Z",
    "advisory" : "RHSA-2020:5439",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7",
    "package" : "samba-0:4.10.16-9.el7_9"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "release_date" : "2021-05-18T00:00:00Z",
    "advisory" : "RHSA-2021:1647",
    "cpe" : "cpe:/a:redhat:enterprise_linux:8",
    "package" : "openchange-0:2.3-27.el8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "release_date" : "2021-05-18T00:00:00Z",
    "advisory" : "RHSA-2021:1647",
    "cpe" : "cpe:/a:redhat:enterprise_linux:8",
    "package" : "samba-0:4.13.3-3.el8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "release_date" : "2021-05-18T00:00:00Z",
    "advisory" : "RHSA-2021:1647",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8",
    "package" : "openchange-0:2.3-27.el8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "release_date" : "2021-05-18T00:00:00Z",
    "advisory" : "RHSA-2021:1647",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8",
    "package" : "samba-0:4.13.3-3.el8"
  }, {
    "product_name" : "Red Hat Gluster Storage 3.5 for RHEL 7",
    "release_date" : "2021-10-05T00:00:00Z",
    "advisory" : "RHSA-2021:3723",
    "cpe" : "cpe:/a:redhat:storage:3.5:samba:el7",
    "package" : "samba-0:4.11.6-112.el7rhgs"
  }, {
    "product_name" : "Red Hat Gluster Storage 3.5 for RHEL 8",
    "release_date" : "2021-05-05T00:00:00Z",
    "advisory" : "RHBA-2021:1503",
    "cpe" : "cpe:/a:redhat:storage:3.5:samba:el8",
    "package" : "samba-0:4.13.7-101.el8rhgs"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Out of support scope",
    "package_name" : "samba",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2020-14318\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-14318\nhttps://www.samba.org/samba/security/CVE-2020-14318.html" ],
  "name" : "CVE-2020-14318",
  "mitigation" : {
    "value" : "As Samba internally opens an underlying file system handle on a directory when a client requests an open, even for FILE_READ_ATTRIBUTES then if the underlying file system permissions don't allow \"r\" (read) access for the connected user, then the handle open request will be denied.\n\"r\" access is the normal permission needed to list or otherwise reveal the contents of a directory, so if a connected user has \"r\" access then they will be able to list the directory contents normally, and the information received by a ChangeNofity request is already available to the user.\nThe security issue occurs if the Administrator or directory owner had set more restrictive Windows ACL permissions on the directory to disallow read access to the user, and this permissions change was not reflected in the underlying file system permissions.\nThis will only occur if Samba is configured with VFS modules to decouple the underlying file system permissions from the Windows ACLs, by setting up a share with the settings:\n[vulnerable_share]\nvfs_objects = vfs_acl_xattr\nacl_xattr:ignore system acls = yes",
    "lang" : "en:us"
  },
  "csaw" : false
}