SB2023072431 - Multiple vulnerabilities in Samba
Published: July 24, 2023 Updated: August 28, 2023
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 4 secuirty vulnerabilities.
1) Information disclosure (CVE-ID: CVE-2023-34968)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to excessive data output by the application. A remote attacker can send a specially crafted RPC request to the server and obtain real server-side share path.
2) Type Confusion (CVE-ID: CVE-2023-34967)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a type confusion error when parsing Spotlight mdssvc RPC packets. A remote attacker can send specially crafted data to the server, trigger a type confusion error and crash the server.
3) Infinite loop (CVE-ID: CVE-2023-34966)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to infinite loop when parsing Spotlight mdssvc RPC packets. A remote attacker can consume all available system resources and cause denial of service conditions on servers where Spotlight is explicitly enabled globally or on individual shares with "spotlight = yes".
4) Security features bypass (CVE-ID: CVE-2023-3347)
The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to SMB2 packet signing feature is not enforced if the server is configured with the "server signing = required" option or for SMB2 connections to Domain Controllers where SMB2 packet signing is mandatory. A remote attacker can intercept and manipulate data.
Remediation
Install update from vendor's website.
References
- https://www.samba.org/samba/security/CVE-2023-34968.html
- https://access.redhat.com/security/cve/CVE-2023-34968
- https://bugzilla.redhat.com/show_bug.cgi?id=2222795
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BPCSGND7LO467AJGR5DYBGZLTCGTOBCC/
- https://access.redhat.com/security/cve/CVE-2023-34967
- https://www.samba.org/samba/security/CVE-2023-34967.html
- https://bugzilla.redhat.com/show_bug.cgi?id=2222794
- https://www.zerodayinitiative.com/advisories/ZDI-23-1227/
- https://access.redhat.com/security/cve/CVE-2023-34966
- https://www.samba.org/samba/security/CVE-2023-34966
- https://bugzilla.redhat.com/show_bug.cgi?id=2222793
- https://www.zerodayinitiative.com/advisories/ZDI-23-1228/
- https://www.samba.org/samba/security/CVE-2023-3347.html
- https://bugzilla.redhat.com/show_bug.cgi?id=2222792
- https://access.redhat.com/security/cve/CVE-2023-3347