SUSE update for ldb, samba



Published: 2023-03-29
Risk Medium
Patch available YES
Number of vulnerabilities 4
CVE-ID CVE-2022-32746
CVE-2023-0225
CVE-2023-0614
CVE-2023-0922
CWE-ID CWE-416
CWE-264
CWE-284
CWE-319
Exploitation vector Local network
Public exploit N/A
Vulnerable software
Subscribe 		SUSE Linux Enterprise Micro for Rancher
Operating systems & Components / Operating system

SUSE Linux Enterprise Server 15 SP3 Business Critical Linux
Operating systems & Components / Operating system

SUSE Linux Enterprise High Availability Extension 15
Operating systems & Components / Operating system

SUSE Linux Enterprise Server for SAP Applications 15
Operating systems & Components / Operating system

SUSE Linux Enterprise Server 15 SP3 LTSS
Operating systems & Components / Operating system

SUSE Linux Enterprise Server 15
Operating systems & Components / Operating system

SUSE Linux Enterprise Real Time 15
Operating systems & Components / Operating system

SUSE Linux Enterprise High Performance Computing LTSS 15
Operating systems & Components / Operating system

SUSE Linux Enterprise High Performance Computing ESPOS 15
Operating systems & Components / Operating system

SUSE Linux Enterprise High Performance Computing 15
Operating systems & Components / Operating system

SUSE Enterprise Storage
Operating systems & Components / Operating system

SUSE Manager Retail Branch Server
Operating systems & Components / Operating system

SUSE Linux Enterprise Micro
Operating systems & Components / Operating system

SUSE Manager Server
Operating systems & Components / Operating system

SUSE Manager Proxy
Operating systems & Components / Operating system

samba-ad-dc-debuginfo
Operating systems & Components / Operating system package or component

samba-ad-dc
Operating systems & Components / Operating system package or component

samba-winbind-libs-32bit
Operating systems & Components / Operating system package or component

samba-libs-32bit-debuginfo
Operating systems & Components / Operating system package or component

samba-libs-32bit
Operating systems & Components / Operating system package or component

samba-client-32bit
Operating systems & Components / Operating system package or component

samba-ad-dc-libs-32bit
Operating systems & Components / Operating system package or component

samba-client-libs-32bit
Operating systems & Components / Operating system package or component

samba-client-32bit-debuginfo
Operating systems & Components / Operating system package or component

libldb2-32bit-debuginfo
Operating systems & Components / Operating system package or component

samba-client-libs-32bit-debuginfo
Operating systems & Components / Operating system package or component

samba-winbind-libs-32bit-debuginfo
Operating systems & Components / Operating system package or component

samba-ad-dc-libs-32bit-debuginfo
Operating systems & Components / Operating system package or component

libldb2-32bit
Operating systems & Components / Operating system package or component

samba-devel-32bit
Operating systems & Components / Operating system package or component

libldb2
Operating systems & Components / Operating system package or component

samba-ldb-ldap
Operating systems & Components / Operating system package or component

samba-tool
Operating systems & Components / Operating system package or component

samba-client-libs-debuginfo
Operating systems & Components / Operating system package or component

ldb-tools
Operating systems & Components / Operating system package or component

python3-ldb-devel
Operating systems & Components / Operating system package or component

samba-ldb-ldap-debuginfo
Operating systems & Components / Operating system package or component

ldb-debugsource
Operating systems & Components / Operating system package or component

samba-dsdb-modules
Operating systems & Components / Operating system package or component

samba-dsdb-modules-debuginfo
Operating systems & Components / Operating system package or component

samba-client-debuginfo
Operating systems & Components / Operating system package or component

ldb-tools-debuginfo
Operating systems & Components / Operating system package or component

libldb-devel
Operating systems & Components / Operating system package or component

libsamba-policy-python3-devel
Operating systems & Components / Operating system package or component

samba-winbind-debuginfo
Operating systems & Components / Operating system package or component

samba-libs-python3
Operating systems & Components / Operating system package or component

libsamba-policy0-python3-debuginfo
Operating systems & Components / Operating system package or component

samba
Operating systems & Components / Operating system package or component

samba-ad-dc-libs-debuginfo
Operating systems & Components / Operating system package or component

libldb2-debuginfo
Operating systems & Components / Operating system package or component

samba-python3
Operating systems & Components / Operating system package or component

samba-python3-debuginfo
Operating systems & Components / Operating system package or component

samba-libs
Operating systems & Components / Operating system package or component

samba-winbind
Operating systems & Components / Operating system package or component

samba-ceph-debuginfo
Operating systems & Components / Operating system package or component

samba-winbind-libs
Operating systems & Components / Operating system package or component

samba-ad-dc-libs
Operating systems & Components / Operating system package or component

python3-ldb
Operating systems & Components / Operating system package or component

samba-winbind-libs-debuginfo
Operating systems & Components / Operating system package or component

samba-libs-debuginfo
Operating systems & Components / Operating system package or component

samba-client-libs
Operating systems & Components / Operating system package or component

samba-gpupdate
Operating systems & Components / Operating system package or component

python3-ldb-debuginfo
Operating systems & Components / Operating system package or component

samba-client
Operating systems & Components / Operating system package or component

samba-devel
Operating systems & Components / Operating system package or component

samba-libs-python3-debuginfo
Operating systems & Components / Operating system package or component

libsamba-policy-devel
Operating systems & Components / Operating system package or component

samba-ceph
Operating systems & Components / Operating system package or component

libsamba-policy0-python3
Operating systems & Components / Operating system package or component

ctdb
Operating systems & Components / Operating system package or component

ctdb-debuginfo
Operating systems & Components / Operating system package or component

samba-debugsource
Operating systems & Components / Operating system package or component

samba-debuginfo
Operating systems & Components / Operating system package or component

Vendor SUSE

Security Bulletin

This security bulletin contains information about 4 vulnerabilities.

1) Use-after-free

EUVDB-ID: #VU65827

Risk: Low

CVSSv3.1: 2.1 [CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-32746

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote user to perform a denial of service (DoS) attack.

The vulnerability exists due to a use-after-free error when handling LDAP requests. A remote user with ability to edit privileged properties, such as userAccountControl, can send a specially crafted LDAP request to the server, trigger a use-after-free error and perform a denial of service (DoS) attack.


Mitigation

Update the affected package ldb, samba to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro for Rancher: 5.2

SUSE Linux Enterprise Server 15 SP3 Business Critical Linux: 15-SP3

SUSE Linux Enterprise High Availability Extension 15: SP3

SUSE Linux Enterprise Server for SAP Applications 15: SP3

SUSE Linux Enterprise Server 15 SP3 LTSS: 15-SP3

SUSE Linux Enterprise Server 15: SP3

SUSE Linux Enterprise Real Time 15: SP3

SUSE Linux Enterprise High Performance Computing LTSS 15: SP3

SUSE Linux Enterprise High Performance Computing ESPOS 15: SP3

SUSE Linux Enterprise High Performance Computing 15: SP3

SUSE Enterprise Storage: 7.1

SUSE Manager Retail Branch Server: 4.2

SUSE Linux Enterprise Micro: 5.1 - 5.2

SUSE Manager Server: 4.2

SUSE Manager Proxy: 4.2

samba-ad-dc-debuginfo: before 4.15.13+git.636.53d93c5b9d6-150300.3.52.1

samba-ad-dc: before 4.15.13+git.636.53d93c5b9d6-150300.3.52.1

samba-winbind-libs-32bit: before 4.15.13+git.636.53d93c5b9d6-150300.3.52.1

samba-libs-32bit-debuginfo: before 4.15.13+git.636.53d93c5b9d6-150300.3.52.1

samba-libs-32bit: before 4.15.13+git.636.53d93c5b9d6-150300.3.52.1

samba-client-32bit: before 4.15.13+git.636.53d93c5b9d6-150300.3.52.1

samba-ad-dc-libs-32bit: before 4.15.13+git.636.53d93c5b9d6-150300.3.52.1

samba-client-libs-32bit: before 4.15.13+git.636.53d93c5b9d6-150300.3.52.1

samba-client-32bit-debuginfo: before 4.15.13+git.636.53d93c5b9d6-150300.3.52.1

libldb2-32bit-debuginfo: before 2.4.4-150300.3.23.1

samba-client-libs-32bit-debuginfo: before 4.15.13+git.636.53d93c5b9d6-150300.3.52.1

samba-winbind-libs-32bit-debuginfo: before 4.15.13+git.636.53d93c5b9d6-150300.3.52.1

samba-ad-dc-libs-32bit-debuginfo: before 4.15.13+git.636.53d93c5b9d6-150300.3.52.1

libldb2-32bit: before 2.4.4-150300.3.23.1

samba-devel-32bit: before 4.15.13+git.636.53d93c5b9d6-150300.3.52.1

libldb2: before 2.4.4-150300.3.23.1

samba-ldb-ldap: before 4.15.13+git.636.53d93c5b9d6-150300.3.52.1

samba-tool: before 4.15.13+git.636.53d93c5b9d6-150300.3.52.1

samba-client-libs-debuginfo: before 4.15.13+git.636.53d93c5b9d6-150300.3.52.1

ldb-tools: before 2.4.4-150300.3.23.1

python3-ldb-devel: before 2.4.4-150300.3.23.1

samba-ldb-ldap-debuginfo: before 4.15.13+git.636.53d93c5b9d6-150300.3.52.1

ldb-debugsource: before 2.4.4-150300.3.23.1

samba-dsdb-modules: before 4.15.13+git.636.53d93c5b9d6-150300.3.52.1

samba-dsdb-modules-debuginfo: before 4.15.13+git.636.53d93c5b9d6-150300.3.52.1

samba-client-debuginfo: before 4.15.13+git.636.53d93c5b9d6-150300.3.52.1

ldb-tools-debuginfo: before 2.4.4-150300.3.23.1

libldb-devel: before 2.4.4-150300.3.23.1

libsamba-policy-python3-devel: before 4.15.13+git.636.53d93c5b9d6-150300.3.52.1

samba-winbind-debuginfo: before 4.15.13+git.636.53d93c5b9d6-150300.3.52.1

samba-libs-python3: before 4.15.13+git.636.53d93c5b9d6-150300.3.52.1

libsamba-policy0-python3-debuginfo: before 4.15.13+git.636.53d93c5b9d6-150300.3.52.1

samba: before 4.15.13+git.636.53d93c5b9d6-150300.3.52.1

samba-ad-dc-libs-debuginfo: before 4.15.13+git.636.53d93c5b9d6-150300.3.52.1

libldb2-debuginfo: before 2.4.4-150300.3.23.1

samba-python3: before 4.15.13+git.636.53d93c5b9d6-150300.3.52.1

samba-python3-debuginfo: before 4.15.13+git.636.53d93c5b9d6-150300.3.52.1

samba-libs: before 4.15.13+git.636.53d93c5b9d6-150300.3.52.1

samba-winbind: before 4.15.13+git.636.53d93c5b9d6-150300.3.52.1

samba-ceph-debuginfo: before 4.15.13+git.636.53d93c5b9d6-150300.3.52.1

samba-winbind-libs: before 4.15.13+git.636.53d93c5b9d6-150300.3.52.1

samba-ad-dc-libs: before 4.15.13+git.636.53d93c5b9d6-150300.3.52.1

python3-ldb: before 2.4.4-150300.3.23.1

samba-winbind-libs-debuginfo: before 4.15.13+git.636.53d93c5b9d6-150300.3.52.1

samba-libs-debuginfo: before 4.15.13+git.636.53d93c5b9d6-150300.3.52.1

samba-client-libs: before 4.15.13+git.636.53d93c5b9d6-150300.3.52.1

samba-gpupdate: before 4.15.13+git.636.53d93c5b9d6-150300.3.52.1

python3-ldb-debuginfo: before 2.4.4-150300.3.23.1

samba-client: before 4.15.13+git.636.53d93c5b9d6-150300.3.52.1

samba-devel: before 4.15.13+git.636.53d93c5b9d6-150300.3.52.1

samba-libs-python3-debuginfo: before 4.15.13+git.636.53d93c5b9d6-150300.3.52.1

libsamba-policy-devel: before 4.15.13+git.636.53d93c5b9d6-150300.3.52.1

samba-ceph: before 4.15.13+git.636.53d93c5b9d6-150300.3.52.1

libsamba-policy0-python3: before 4.15.13+git.636.53d93c5b9d6-150300.3.52.1

ctdb: before 4.15.13+git.636.53d93c5b9d6-150300.3.52.1

ctdb-debuginfo: before 4.15.13+git.636.53d93c5b9d6-150300.3.52.1

samba-debugsource: before 4.15.13+git.636.53d93c5b9d6-150300.3.52.1

samba-debuginfo: before 4.15.13+git.636.53d93c5b9d6-150300.3.52.1

External links

http://www.suse.com/support/update/announcement/2023/suse-su-20231687-1/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Permissions, Privileges, and Access Controls

EUVDB-ID: #VU74178

Risk: Low

CVSSv3.1: 3.1 [CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-0225

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a remote user to delete certain attributes.

The vulnerability exists due to improper access restrictions. A remote unprivileged user can delete the "dnsHostname" attribute.

Mitigation

Update the affected package ldb, samba to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro for Rancher: 5.2

SUSE Linux Enterprise Server 15 SP3 Business Critical Linux: 15-SP3

SUSE Linux Enterprise High Availability Extension 15: SP3

SUSE Linux Enterprise Server for SAP Applications 15: SP3

SUSE Linux Enterprise Server 15 SP3 LTSS: 15-SP3

SUSE Linux Enterprise Server 15: SP3

SUSE Linux Enterprise Real Time 15: SP3

SUSE Linux Enterprise High Performance Computing LTSS 15: SP3

SUSE Linux Enterprise High Performance Computing ESPOS 15: SP3

SUSE Linux Enterprise High Performance Computing 15: SP3

SUSE Enterprise Storage: 7.1

SUSE Manager Retail Branch Server: 4.2

SUSE Linux Enterprise Micro: 5.1 - 5.2

SUSE Manager Server: 4.2

SUSE Manager Proxy: 4.2

samba-ad-dc-debuginfo: before 4.15.13+git.636.53d93c5b9d6-150300.3.52.1

samba-ad-dc: before 4.15.13+git.636.53d93c5b9d6-150300.3.52.1

samba-winbind-libs-32bit: before 4.15.13+git.636.53d93c5b9d6-150300.3.52.1

samba-libs-32bit-debuginfo: before 4.15.13+git.636.53d93c5b9d6-150300.3.52.1

samba-libs-32bit: before 4.15.13+git.636.53d93c5b9d6-150300.3.52.1

samba-client-32bit: before 4.15.13+git.636.53d93c5b9d6-150300.3.52.1

samba-ad-dc-libs-32bit: before 4.15.13+git.636.53d93c5b9d6-150300.3.52.1

samba-client-libs-32bit: before 4.15.13+git.636.53d93c5b9d6-150300.3.52.1

samba-client-32bit-debuginfo: before 4.15.13+git.636.53d93c5b9d6-150300.3.52.1

libldb2-32bit-debuginfo: before 2.4.4-150300.3.23.1

samba-client-libs-32bit-debuginfo: before 4.15.13+git.636.53d93c5b9d6-150300.3.52.1

samba-winbind-libs-32bit-debuginfo: before 4.15.13+git.636.53d93c5b9d6-150300.3.52.1

samba-ad-dc-libs-32bit-debuginfo: before 4.15.13+git.636.53d93c5b9d6-150300.3.52.1

libldb2-32bit: before 2.4.4-150300.3.23.1

samba-devel-32bit: before 4.15.13+git.636.53d93c5b9d6-150300.3.52.1

libldb2: before 2.4.4-150300.3.23.1

samba-ldb-ldap: before 4.15.13+git.636.53d93c5b9d6-150300.3.52.1

samba-tool: before 4.15.13+git.636.53d93c5b9d6-150300.3.52.1

samba-client-libs-debuginfo: before 4.15.13+git.636.53d93c5b9d6-150300.3.52.1

ldb-tools: before 2.4.4-150300.3.23.1

python3-ldb-devel: before 2.4.4-150300.3.23.1

samba-ldb-ldap-debuginfo: before 4.15.13+git.636.53d93c5b9d6-150300.3.52.1

ldb-debugsource: before 2.4.4-150300.3.23.1

samba-dsdb-modules: before 4.15.13+git.636.53d93c5b9d6-150300.3.52.1

samba-dsdb-modules-debuginfo: before 4.15.13+git.636.53d93c5b9d6-150300.3.52.1

samba-client-debuginfo: before 4.15.13+git.636.53d93c5b9d6-150300.3.52.1

ldb-tools-debuginfo: before 2.4.4-150300.3.23.1

libldb-devel: before 2.4.4-150300.3.23.1

libsamba-policy-python3-devel: before 4.15.13+git.636.53d93c5b9d6-150300.3.52.1

samba-winbind-debuginfo: before 4.15.13+git.636.53d93c5b9d6-150300.3.52.1

samba-libs-python3: before 4.15.13+git.636.53d93c5b9d6-150300.3.52.1

libsamba-policy0-python3-debuginfo: before 4.15.13+git.636.53d93c5b9d6-150300.3.52.1

samba: before 4.15.13+git.636.53d93c5b9d6-150300.3.52.1

samba-ad-dc-libs-debuginfo: before 4.15.13+git.636.53d93c5b9d6-150300.3.52.1

libldb2-debuginfo: before 2.4.4-150300.3.23.1

samba-python3: before 4.15.13+git.636.53d93c5b9d6-150300.3.52.1

samba-python3-debuginfo: before 4.15.13+git.636.53d93c5b9d6-150300.3.52.1

samba-libs: before 4.15.13+git.636.53d93c5b9d6-150300.3.52.1

samba-winbind: before 4.15.13+git.636.53d93c5b9d6-150300.3.52.1

samba-ceph-debuginfo: before 4.15.13+git.636.53d93c5b9d6-150300.3.52.1

samba-winbind-libs: before 4.15.13+git.636.53d93c5b9d6-150300.3.52.1

samba-ad-dc-libs: before 4.15.13+git.636.53d93c5b9d6-150300.3.52.1

python3-ldb: before 2.4.4-150300.3.23.1

samba-winbind-libs-debuginfo: before 4.15.13+git.636.53d93c5b9d6-150300.3.52.1

samba-libs-debuginfo: before 4.15.13+git.636.53d93c5b9d6-150300.3.52.1

samba-client-libs: before 4.15.13+git.636.53d93c5b9d6-150300.3.52.1

samba-gpupdate: before 4.15.13+git.636.53d93c5b9d6-150300.3.52.1

python3-ldb-debuginfo: before 2.4.4-150300.3.23.1

samba-client: before 4.15.13+git.636.53d93c5b9d6-150300.3.52.1

samba-devel: before 4.15.13+git.636.53d93c5b9d6-150300.3.52.1

samba-libs-python3-debuginfo: before 4.15.13+git.636.53d93c5b9d6-150300.3.52.1

libsamba-policy-devel: before 4.15.13+git.636.53d93c5b9d6-150300.3.52.1

samba-ceph: before 4.15.13+git.636.53d93c5b9d6-150300.3.52.1

libsamba-policy0-python3: before 4.15.13+git.636.53d93c5b9d6-150300.3.52.1

ctdb: before 4.15.13+git.636.53d93c5b9d6-150300.3.52.1

ctdb-debuginfo: before 4.15.13+git.636.53d93c5b9d6-150300.3.52.1

samba-debugsource: before 4.15.13+git.636.53d93c5b9d6-150300.3.52.1

samba-debuginfo: before 4.15.13+git.636.53d93c5b9d6-150300.3.52.1

External links

http://www.suse.com/support/update/announcement/2023/suse-su-20231687-1/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Improper access control

EUVDB-ID: #VU74179

Risk: Medium

CVSSv3.1: 5 [CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-0614

CWE-ID: CWE-284 - Improper Access Control

Exploit availability: No

Description

The vulnerability allows a remote user to gain gain access to sensitive information.

The vulnerability exists due to insufficient patch for vulnerability #VU14335 (CVE-2018-10919). A remote user can bypass implemented security restrictions and gain access to sensitive information.

Mitigation

Update the affected package ldb, samba to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro for Rancher: 5.2

SUSE Linux Enterprise Server 15 SP3 Business Critical Linux: 15-SP3

SUSE Linux Enterprise High Availability Extension 15: SP3

SUSE Linux Enterprise Server for SAP Applications 15: SP3

SUSE Linux Enterprise Server 15 SP3 LTSS: 15-SP3

SUSE Linux Enterprise Server 15: SP3

SUSE Linux Enterprise Real Time 15: SP3

SUSE Linux Enterprise High Performance Computing LTSS 15: SP3

SUSE Linux Enterprise High Performance Computing ESPOS 15: SP3

SUSE Linux Enterprise High Performance Computing 15: SP3

SUSE Enterprise Storage: 7.1

SUSE Manager Retail Branch Server: 4.2

SUSE Linux Enterprise Micro: 5.1 - 5.2

SUSE Manager Server: 4.2

SUSE Manager Proxy: 4.2

samba-ad-dc-debuginfo: before 4.15.13+git.636.53d93c5b9d6-150300.3.52.1

samba-ad-dc: before 4.15.13+git.636.53d93c5b9d6-150300.3.52.1

samba-winbind-libs-32bit: before 4.15.13+git.636.53d93c5b9d6-150300.3.52.1

samba-libs-32bit-debuginfo: before 4.15.13+git.636.53d93c5b9d6-150300.3.52.1

samba-libs-32bit: before 4.15.13+git.636.53d93c5b9d6-150300.3.52.1

samba-client-32bit: before 4.15.13+git.636.53d93c5b9d6-150300.3.52.1

samba-ad-dc-libs-32bit: before 4.15.13+git.636.53d93c5b9d6-150300.3.52.1

samba-client-libs-32bit: before 4.15.13+git.636.53d93c5b9d6-150300.3.52.1

samba-client-32bit-debuginfo: before 4.15.13+git.636.53d93c5b9d6-150300.3.52.1

libldb2-32bit-debuginfo: before 2.4.4-150300.3.23.1

samba-client-libs-32bit-debuginfo: before 4.15.13+git.636.53d93c5b9d6-150300.3.52.1

samba-winbind-libs-32bit-debuginfo: before 4.15.13+git.636.53d93c5b9d6-150300.3.52.1

samba-ad-dc-libs-32bit-debuginfo: before 4.15.13+git.636.53d93c5b9d6-150300.3.52.1

libldb2-32bit: before 2.4.4-150300.3.23.1

samba-devel-32bit: before 4.15.13+git.636.53d93c5b9d6-150300.3.52.1

libldb2: before 2.4.4-150300.3.23.1

samba-ldb-ldap: before 4.15.13+git.636.53d93c5b9d6-150300.3.52.1

samba-tool: before 4.15.13+git.636.53d93c5b9d6-150300.3.52.1

samba-client-libs-debuginfo: before 4.15.13+git.636.53d93c5b9d6-150300.3.52.1

ldb-tools: before 2.4.4-150300.3.23.1

python3-ldb-devel: before 2.4.4-150300.3.23.1

samba-ldb-ldap-debuginfo: before 4.15.13+git.636.53d93c5b9d6-150300.3.52.1

ldb-debugsource: before 2.4.4-150300.3.23.1

samba-dsdb-modules: before 4.15.13+git.636.53d93c5b9d6-150300.3.52.1

samba-dsdb-modules-debuginfo: before 4.15.13+git.636.53d93c5b9d6-150300.3.52.1

samba-client-debuginfo: before 4.15.13+git.636.53d93c5b9d6-150300.3.52.1

ldb-tools-debuginfo: before 2.4.4-150300.3.23.1

libldb-devel: before 2.4.4-150300.3.23.1

libsamba-policy-python3-devel: before 4.15.13+git.636.53d93c5b9d6-150300.3.52.1

samba-winbind-debuginfo: before 4.15.13+git.636.53d93c5b9d6-150300.3.52.1

samba-libs-python3: before 4.15.13+git.636.53d93c5b9d6-150300.3.52.1

libsamba-policy0-python3-debuginfo: before 4.15.13+git.636.53d93c5b9d6-150300.3.52.1

samba: before 4.15.13+git.636.53d93c5b9d6-150300.3.52.1

samba-ad-dc-libs-debuginfo: before 4.15.13+git.636.53d93c5b9d6-150300.3.52.1

libldb2-debuginfo: before 2.4.4-150300.3.23.1

samba-python3: before 4.15.13+git.636.53d93c5b9d6-150300.3.52.1

samba-python3-debuginfo: before 4.15.13+git.636.53d93c5b9d6-150300.3.52.1

samba-libs: before 4.15.13+git.636.53d93c5b9d6-150300.3.52.1

samba-winbind: before 4.15.13+git.636.53d93c5b9d6-150300.3.52.1

samba-ceph-debuginfo: before 4.15.13+git.636.53d93c5b9d6-150300.3.52.1

samba-winbind-libs: before 4.15.13+git.636.53d93c5b9d6-150300.3.52.1

samba-ad-dc-libs: before 4.15.13+git.636.53d93c5b9d6-150300.3.52.1

python3-ldb: before 2.4.4-150300.3.23.1

samba-winbind-libs-debuginfo: before 4.15.13+git.636.53d93c5b9d6-150300.3.52.1

samba-libs-debuginfo: before 4.15.13+git.636.53d93c5b9d6-150300.3.52.1

samba-client-libs: before 4.15.13+git.636.53d93c5b9d6-150300.3.52.1

samba-gpupdate: before 4.15.13+git.636.53d93c5b9d6-150300.3.52.1

python3-ldb-debuginfo: before 2.4.4-150300.3.23.1

samba-client: before 4.15.13+git.636.53d93c5b9d6-150300.3.52.1

samba-devel: before 4.15.13+git.636.53d93c5b9d6-150300.3.52.1

samba-libs-python3-debuginfo: before 4.15.13+git.636.53d93c5b9d6-150300.3.52.1

libsamba-policy-devel: before 4.15.13+git.636.53d93c5b9d6-150300.3.52.1

samba-ceph: before 4.15.13+git.636.53d93c5b9d6-150300.3.52.1

libsamba-policy0-python3: before 4.15.13+git.636.53d93c5b9d6-150300.3.52.1

ctdb: before 4.15.13+git.636.53d93c5b9d6-150300.3.52.1

ctdb-debuginfo: before 4.15.13+git.636.53d93c5b9d6-150300.3.52.1

samba-debugsource: before 4.15.13+git.636.53d93c5b9d6-150300.3.52.1

samba-debuginfo: before 4.15.13+git.636.53d93c5b9d6-150300.3.52.1

External links

http://www.suse.com/support/update/announcement/2023/suse-su-20231687-1/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Cleartext transmission of sensitive information

EUVDB-ID: #VU74177

Risk: Low

CVSSv3.1: 3.8 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-0922

CWE-ID: CWE-319 - Cleartext Transmission of Sensitive Information

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to samba-tool transmits credentials to the LDAP server in clear text. A remote attacker with ability to intercept network traffic can gain access to sensitive data.

Mitigation

Update the affected package ldb, samba to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro for Rancher: 5.2

SUSE Linux Enterprise Server 15 SP3 Business Critical Linux: 15-SP3

SUSE Linux Enterprise High Availability Extension 15: SP3

SUSE Linux Enterprise Server for SAP Applications 15: SP3

SUSE Linux Enterprise Server 15 SP3 LTSS: 15-SP3

SUSE Linux Enterprise Server 15: SP3

SUSE Linux Enterprise Real Time 15: SP3

SUSE Linux Enterprise High Performance Computing LTSS 15: SP3

SUSE Linux Enterprise High Performance Computing ESPOS 15: SP3

SUSE Linux Enterprise High Performance Computing 15: SP3

SUSE Enterprise Storage: 7.1

SUSE Manager Retail Branch Server: 4.2

SUSE Linux Enterprise Micro: 5.1 - 5.2

SUSE Manager Server: 4.2

SUSE Manager Proxy: 4.2

samba-ad-dc-debuginfo: before 4.15.13+git.636.53d93c5b9d6-150300.3.52.1

samba-ad-dc: before 4.15.13+git.636.53d93c5b9d6-150300.3.52.1

samba-winbind-libs-32bit: before 4.15.13+git.636.53d93c5b9d6-150300.3.52.1

samba-libs-32bit-debuginfo: before 4.15.13+git.636.53d93c5b9d6-150300.3.52.1

samba-libs-32bit: before 4.15.13+git.636.53d93c5b9d6-150300.3.52.1

samba-client-32bit: before 4.15.13+git.636.53d93c5b9d6-150300.3.52.1

samba-ad-dc-libs-32bit: before 4.15.13+git.636.53d93c5b9d6-150300.3.52.1

samba-client-libs-32bit: before 4.15.13+git.636.53d93c5b9d6-150300.3.52.1

samba-client-32bit-debuginfo: before 4.15.13+git.636.53d93c5b9d6-150300.3.52.1

libldb2-32bit-debuginfo: before 2.4.4-150300.3.23.1

samba-client-libs-32bit-debuginfo: before 4.15.13+git.636.53d93c5b9d6-150300.3.52.1

samba-winbind-libs-32bit-debuginfo: before 4.15.13+git.636.53d93c5b9d6-150300.3.52.1

samba-ad-dc-libs-32bit-debuginfo: before 4.15.13+git.636.53d93c5b9d6-150300.3.52.1

libldb2-32bit: before 2.4.4-150300.3.23.1

samba-devel-32bit: before 4.15.13+git.636.53d93c5b9d6-150300.3.52.1

libldb2: before 2.4.4-150300.3.23.1

samba-ldb-ldap: before 4.15.13+git.636.53d93c5b9d6-150300.3.52.1

samba-tool: before 4.15.13+git.636.53d93c5b9d6-150300.3.52.1

samba-client-libs-debuginfo: before 4.15.13+git.636.53d93c5b9d6-150300.3.52.1

ldb-tools: before 2.4.4-150300.3.23.1

python3-ldb-devel: before 2.4.4-150300.3.23.1

samba-ldb-ldap-debuginfo: before 4.15.13+git.636.53d93c5b9d6-150300.3.52.1

ldb-debugsource: before 2.4.4-150300.3.23.1

samba-dsdb-modules: before 4.15.13+git.636.53d93c5b9d6-150300.3.52.1

samba-dsdb-modules-debuginfo: before 4.15.13+git.636.53d93c5b9d6-150300.3.52.1

samba-client-debuginfo: before 4.15.13+git.636.53d93c5b9d6-150300.3.52.1

ldb-tools-debuginfo: before 2.4.4-150300.3.23.1

libldb-devel: before 2.4.4-150300.3.23.1

libsamba-policy-python3-devel: before 4.15.13+git.636.53d93c5b9d6-150300.3.52.1

samba-winbind-debuginfo: before 4.15.13+git.636.53d93c5b9d6-150300.3.52.1

samba-libs-python3: before 4.15.13+git.636.53d93c5b9d6-150300.3.52.1

libsamba-policy0-python3-debuginfo: before 4.15.13+git.636.53d93c5b9d6-150300.3.52.1

samba: before 4.15.13+git.636.53d93c5b9d6-150300.3.52.1

samba-ad-dc-libs-debuginfo: before 4.15.13+git.636.53d93c5b9d6-150300.3.52.1

libldb2-debuginfo: before 2.4.4-150300.3.23.1

samba-python3: before 4.15.13+git.636.53d93c5b9d6-150300.3.52.1

samba-python3-debuginfo: before 4.15.13+git.636.53d93c5b9d6-150300.3.52.1

samba-libs: before 4.15.13+git.636.53d93c5b9d6-150300.3.52.1

samba-winbind: before 4.15.13+git.636.53d93c5b9d6-150300.3.52.1

samba-ceph-debuginfo: before 4.15.13+git.636.53d93c5b9d6-150300.3.52.1

samba-winbind-libs: before 4.15.13+git.636.53d93c5b9d6-150300.3.52.1

samba-ad-dc-libs: before 4.15.13+git.636.53d93c5b9d6-150300.3.52.1

python3-ldb: before 2.4.4-150300.3.23.1

samba-winbind-libs-debuginfo: before 4.15.13+git.636.53d93c5b9d6-150300.3.52.1

samba-libs-debuginfo: before 4.15.13+git.636.53d93c5b9d6-150300.3.52.1

samba-client-libs: before 4.15.13+git.636.53d93c5b9d6-150300.3.52.1

samba-gpupdate: before 4.15.13+git.636.53d93c5b9d6-150300.3.52.1

python3-ldb-debuginfo: before 2.4.4-150300.3.23.1

samba-client: before 4.15.13+git.636.53d93c5b9d6-150300.3.52.1

samba-devel: before 4.15.13+git.636.53d93c5b9d6-150300.3.52.1

samba-libs-python3-debuginfo: before 4.15.13+git.636.53d93c5b9d6-150300.3.52.1

libsamba-policy-devel: before 4.15.13+git.636.53d93c5b9d6-150300.3.52.1

samba-ceph: before 4.15.13+git.636.53d93c5b9d6-150300.3.52.1

libsamba-policy0-python3: before 4.15.13+git.636.53d93c5b9d6-150300.3.52.1

ctdb: before 4.15.13+git.636.53d93c5b9d6-150300.3.52.1

ctdb-debuginfo: before 4.15.13+git.636.53d93c5b9d6-150300.3.52.1

samba-debugsource: before 4.15.13+git.636.53d93c5b9d6-150300.3.52.1

samba-debuginfo: before 4.15.13+git.636.53d93c5b9d6-150300.3.52.1

External links

http://www.suse.com/support/update/announcement/2023/suse-su-20231687-1/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###