Korean
<< Back
VID 23339
Severity 40
Port 139
Protocol TCP
Class Samba
Detailed Description The version of Samba running on the remote host is prior from 4.0 to 4.15, or 4.16.x prior to 4.16.10, or 4.17.x prior to 4.17.7, or 4.18.x prior to 4.18.1.
It is, therefore, affected by multiple vulnerabilities:

- An incomplete access check on dnsHostName allows authenticated but otherwise unprivileged users to delete this attribute from any object in the directory. (CVE-2023-0225)

- The Samba AD DC administration tool, when operating against a remote LDAP server, will by default send new or reset passwords over a signed-only connection. (CVE-2023-0922)

- The fix in 4.6.16, 4.7.9, 4.8.4 and 4.9.7 for CVE-2018-10919 Confidential attribute disclosure via LDAP filters was insufficient and an attacker may be able to obtain confidential BitLocker recovery keys from a Samba AD DC. Installations with such secrets in their Samba AD should assume they have been obtained and need replacing. (CVE-2023-0614)

* References:
https://www.samba.org/samba/security/CVE-2023-0614.html
https://www.samba.org/samba/security/CVE-2023-0922.html
https://www.samba.org/samba/security/CVE-2023-0225.html

* Platforms Affected:
Samba Project, Samba versions 4.x.x prior to 4.16.10
Linux Any version
Unix Any version
Recommendation Upgrade to the latest version of Samba 4.16.10 or later, available from the Samba Web site at https://www.samba.org/samba/download/
Related URL CVE-2023-0225,CVE-2023-0922,CVE-2023-0614 (CVE)
Related URL (SecurityFocus)
Related URL (ISS)