openEuler 22.03 LTS SP1 update for samba



Published: 2023-04-17
Risk Low
Patch available YES
Number of vulnerabilities 2
CVE-ID CVE-2023-0225
CVE-2023-0922
CWE-ID CWE-264
CWE-319
Exploitation vector Local network
Public exploit N/A
Vulnerable software
Subscribe 		openEuler
Operating systems & Components / Operating system

samba-vfs-glusterfs
Operating systems & Components / Operating system package or component

samba-pidl
Operating systems & Components / Operating system package or component

samba-usershares
Operating systems & Components / Operating system package or component

python3-samba-test
Operating systems & Components / Operating system package or component

samba-help
Operating systems & Components / Operating system package or component

samba-devel
Operating systems & Components / Operating system package or component

libwbclient-devel
Operating systems & Components / Operating system package or component

samba-common
Operating systems & Components / Operating system package or component

samba-dc-provision
Operating systems & Components / Operating system package or component

samba-debuginfo
Operating systems & Components / Operating system package or component

samba-client
Operating systems & Components / Operating system package or component

samba-dc-libs
Operating systems & Components / Operating system package or component

samba-dc
Operating systems & Components / Operating system package or component

samba-libs
Operating systems & Components / Operating system package or component

samba-test
Operating systems & Components / Operating system package or component

libsmbclient
Operating systems & Components / Operating system package or component

samba-winbind-clients
Operating systems & Components / Operating system package or component

samba-common-tools
Operating systems & Components / Operating system package or component

libwbclient
Operating systems & Components / Operating system package or component

python3-samba-dc
Operating systems & Components / Operating system package or component

samba-debugsource
Operating systems & Components / Operating system package or component

samba-krb5-printing
Operating systems & Components / Operating system package or component

python3-samba
Operating systems & Components / Operating system package or component

samba-winbind-modules
Operating systems & Components / Operating system package or component

libsmbclient-devel
Operating systems & Components / Operating system package or component

samba-client-libs
Operating systems & Components / Operating system package or component

samba-dc-bind-dlz
Operating systems & Components / Operating system package or component

ctdb
Operating systems & Components / Operating system package or component

samba-winbind-krb5-locator
Operating systems & Components / Operating system package or component

samba-winbind
Operating systems & Components / Operating system package or component

samba
Operating systems & Components / Operating system package or component

Vendor openEuler

Security Bulletin

This security bulletin contains information about 2 vulnerabilities.

1) Permissions, Privileges, and Access Controls

EUVDB-ID: #VU74178

Risk: Low

CVSSv3.1: 3.1 [CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-0225

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a remote user to delete certain attributes.

The vulnerability exists due to improper access restrictions. A remote unprivileged user can delete the "dnsHostname" attribute.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

samba-vfs-glusterfs: before 4.17.5-4

samba-pidl: before 4.17.5-4

samba-usershares: before 4.17.5-4

python3-samba-test: before 4.17.5-4

samba-help: before 4.17.5-4

samba-devel: before 4.17.5-4

libwbclient-devel: before 4.17.5-4

samba-common: before 4.17.5-4

samba-dc-provision: before 4.17.5-4

samba-debuginfo: before 4.17.5-4

samba-client: before 4.17.5-4

samba-dc-libs: before 4.17.5-4

samba-dc: before 4.17.5-4

samba-libs: before 4.17.5-4

samba-test: before 4.17.5-4

libsmbclient: before 4.17.5-4

samba-winbind-clients: before 4.17.5-4

samba-common-tools: before 4.17.5-4

libwbclient: before 4.17.5-4

python3-samba-dc: before 4.17.5-4

samba-debugsource: before 4.17.5-4

samba-krb5-printing: before 4.17.5-4

python3-samba: before 4.17.5-4

samba-winbind-modules: before 4.17.5-4

libsmbclient-devel: before 4.17.5-4

samba-client-libs: before 4.17.5-4

samba-dc-bind-dlz: before 4.17.5-4

ctdb: before 4.17.5-4

samba-winbind-krb5-locator: before 4.17.5-4

samba-winbind: before 4.17.5-4

samba: before 4.17.5-4

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2023-1233


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Cleartext transmission of sensitive information

EUVDB-ID: #VU74177

Risk: Low

CVSSv3.1: 3.8 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-0922

CWE-ID: CWE-319 - Cleartext Transmission of Sensitive Information

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to samba-tool transmits credentials to the LDAP server in clear text. A remote attacker with ability to intercept network traffic can gain access to sensitive data.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

samba-vfs-glusterfs: before 4.17.5-4

samba-pidl: before 4.17.5-4

samba-usershares: before 4.17.5-4

python3-samba-test: before 4.17.5-4

samba-help: before 4.17.5-4

samba-devel: before 4.17.5-4

libwbclient-devel: before 4.17.5-4

samba-common: before 4.17.5-4

samba-dc-provision: before 4.17.5-4

samba-debuginfo: before 4.17.5-4

samba-client: before 4.17.5-4

samba-dc-libs: before 4.17.5-4

samba-dc: before 4.17.5-4

samba-libs: before 4.17.5-4

samba-test: before 4.17.5-4

libsmbclient: before 4.17.5-4

samba-winbind-clients: before 4.17.5-4

samba-common-tools: before 4.17.5-4

libwbclient: before 4.17.5-4

python3-samba-dc: before 4.17.5-4

samba-debugsource: before 4.17.5-4

samba-krb5-printing: before 4.17.5-4

python3-samba: before 4.17.5-4

samba-winbind-modules: before 4.17.5-4

libsmbclient-devel: before 4.17.5-4

samba-client-libs: before 4.17.5-4

samba-dc-bind-dlz: before 4.17.5-4

ctdb: before 4.17.5-4

samba-winbind-krb5-locator: before 4.17.5-4

samba-winbind: before 4.17.5-4

samba: before 4.17.5-4

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2023-1233


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###