Multiple vulnerabilities in Samba

Published: 2023-03-29

Risk	Medium
Patch available	YES
Number of vulnerabilities	3
CVE-ID	CVE-2023-0614 CVE-2023-0225 CVE-2023-0922
CWE-ID	CWE-284 CWE-264 CWE-319
Exploitation vector	Local network
Public exploit	N/A
Vulnerable software	Samba Server applications / Directory software, identity management
Vendor	Samba

Security Bulletin

This security bulletin contains information about 3 vulnerabilities.

1) Improper access control

EUVDB-ID: #VU74179

Risk: Medium

CVSSv4.0: 4.6 [CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2023-0614

CWE-ID: CWE-284 - Improper Access Control

Exploit availability: No

Description

The vulnerability allows a remote user to gain gain access to sensitive information.

The vulnerability exists due to insufficient patch for vulnerability #VU14335 (CVE-2018-10919). A remote user can bypass implemented security restrictions and gain access to sensitive information.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Samba: 4.0.0 - 4.18.0

CPE2.3

External links

https://www.samba.org/samba/security/CVE-2023-0614.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the local network (LAN).

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Permissions, Privileges, and Access Controls

EUVDB-ID: #VU74178

Risk: Low

CVSSv4.0: 1.2 [CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-0225

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a remote user to delete certain attributes.

The vulnerability exists due to improper access restrictions. A remote unprivileged user can delete the "dnsHostname" attribute.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Samba: 4.17.0 - 4.18.0

CPE2.3

External links

https://www.samba.org/samba/security/CVE-2023-0225.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the local network (LAN).

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Cleartext transmission of sensitive information

EUVDB-ID: #VU74177

Risk: Low

CVSSv4.0: 1.3 [CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-0922

CWE-ID: CWE-319 - Cleartext Transmission of Sensitive Information

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to samba-tool transmits credentials to the LDAP server in clear text. A remote attacker with ability to intercept network traffic can gain access to sensitive data.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Samba: 4.0.0 - 4.18.0

CPE2.3

External links

https://www.samba.org/samba/security/CVE-2023-0922.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.