An issue was discovered in Illumos in Nexenta NexentaStor 4.0.5 and 5.1.2, and other products. The SMB server allows an attacker to have unintended access, e.g., an attacker with WRITE_XATTR can change permissions. This occurs because of a combination of three factors: ZFS extended attributes are used to implement NT named streams, the SMB protocol requires implementations to have open handle semantics similar to those of NTFS, and the SMB server passes along certain attribute requests to the underlying object (i.e., they are not considered to be requests that pertain to the named stream).
History

Wed, 27 Nov 2024 16:30:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:oracle:solaris:11:*:*:*:*:*:*:* cpe:2.3:o:oracle:solaris:11:*:*:*:*:*:*:*

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2022-12-26T00:00:00

Updated: 2024-08-04T21:54:44.696Z

Reserved: 2019-03-05T00:00:00

Link: CVE-2019-9579

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2022-12-26T20:15:10.383

Modified: 2024-11-27T16:07:37.487

Link: CVE-2019-9579

cve-icon Redhat

No data.