Amazon Linux AMI update for samba



Published: 2024-08-06
Risk: High
Patch available: YES
Number of vulnerabilities: 16
CVE-ID: CVE-2016-2124, CVE-2020-17049, CVE-2021-20316, CVE-2021-43566, CVE-2021-44141, CVE-2022-0336, CVE-2022-1615, CVE-2022-32742, CVE-2022-32743, CVE-2022-32746, CVE-2022-3437, CVE-2022-3592, CVE-2022-37966, CVE-2022-37967, CVE-2022-38023, CVE-2022-45141
CWE-ID: CWE-284, CWE-254, CWE-362, CWE-59, CWE-345, CWE-330, CWE-401, CWE-276, CWE-416, CWE-122, CWE-61, CWE-264, CWE-327
Exploitation vector: Network
Public exploit: N/A

Vulnerable software:
Amazon Linux AMI (Operating systems & Components / Operating system)
samba (Operating systems & Components / Operating system package or component)

Vendor: Amazon Web Services

Security Bulletin

This security bulletin contains information about 16 vulnerabilities.

1) Improper access control

EUVDB-ID: #VU58098

Risk: High

CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2016-2124

CWE-ID: CWE-284 - Improper Access Control

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.

The vulnerability exists because SMB1 client connections can be downgraded to plaintext authentication. A remote attacker can perform a man-in-the-middle attack and downgrade a negotiated SMB1 client connection and its capabilities.

Mitigation

Update the affected packages:

aarch64:
    samba-vfs-iouring-debuginfo-4.17.5-0.amzn2023.0.2.aarch64
    libnetapi-devel-4.17.5-0.amzn2023.0.2.aarch64
    samba-dcerpc-debuginfo-4.17.5-0.amzn2023.0.2.aarch64
    samba-common-libs-4.17.5-0.amzn2023.0.2.aarch64
    samba-winbind-modules-4.17.5-0.amzn2023.0.2.aarch64
    samba-common-libs-debuginfo-4.17.5-0.amzn2023.0.2.aarch64
    samba-ldb-ldap-modules-4.17.5-0.amzn2023.0.2.aarch64
    samba-test-libs-debuginfo-4.17.5-0.amzn2023.0.2.aarch64
    python3-samba-debuginfo-4.17.5-0.amzn2023.0.2.aarch64
    libsmbclient-debuginfo-4.17.5-0.amzn2023.0.2.aarch64
    python3-samba-test-4.17.5-0.amzn2023.0.2.aarch64
    samba-devel-4.17.5-0.amzn2023.0.2.aarch64
    samba-vfs-iouring-4.17.5-0.amzn2023.0.2.aarch64
    samba-common-tools-4.17.5-0.amzn2023.0.2.aarch64
    samba-test-debuginfo-4.17.5-0.amzn2023.0.2.aarch64
    libnetapi-4.17.5-0.amzn2023.0.2.aarch64
    samba-client-libs-debuginfo-4.17.5-0.amzn2023.0.2.aarch64
    samba-common-tools-debuginfo-4.17.5-0.amzn2023.0.2.aarch64
    libsmbclient-4.17.5-0.amzn2023.0.2.aarch64
    libwbclient-debuginfo-4.17.5-0.amzn2023.0.2.aarch64
    samba-debugsource-4.17.5-0.amzn2023.0.2.aarch64
    libwbclient-4.17.5-0.amzn2023.0.2.aarch64
    samba-winbind-clients-4.17.5-0.amzn2023.0.2.aarch64
    samba-winbind-debuginfo-4.17.5-0.amzn2023.0.2.aarch64
    samba-winbind-clients-debuginfo-4.17.5-0.amzn2023.0.2.aarch64
    samba-dc-libs-4.17.5-0.amzn2023.0.2.aarch64
    samba-libs-4.17.5-0.amzn2023.0.2.aarch64
    samba-winbind-modules-debuginfo-4.17.5-0.amzn2023.0.2.aarch64
    python3-samba-4.17.5-0.amzn2023.0.2.aarch64
    samba-client-libs-4.17.5-0.amzn2023.0.2.aarch64
    samba-libs-debuginfo-4.17.5-0.amzn2023.0.2.aarch64
    samba-test-4.17.5-0.amzn2023.0.2.aarch64
    samba-debuginfo-4.17.5-0.amzn2023.0.2.aarch64
    samba-dcerpc-4.17.5-0.amzn2023.0.2.aarch64
    samba-client-debuginfo-4.17.5-0.amzn2023.0.2.aarch64
    samba-dc-libs-debuginfo-4.17.5-0.amzn2023.0.2.aarch64
    samba-ldb-ldap-modules-debuginfo-4.17.5-0.amzn2023.0.2.aarch64
    libsmbclient-devel-4.17.5-0.amzn2023.0.2.aarch64
    samba-krb5-printing-4.17.5-0.amzn2023.0.2.aarch64
    samba-client-4.17.5-0.amzn2023.0.2.aarch64
    samba-winbind-krb5-locator-4.17.5-0.amzn2023.0.2.aarch64
    samba-4.17.5-0.amzn2023.0.2.aarch64
    samba-winbind-4.17.5-0.amzn2023.0.2.aarch64
    samba-test-libs-4.17.5-0.amzn2023.0.2.aarch64
    libnetapi-debuginfo-4.17.5-0.amzn2023.0.2.aarch64
    samba-winbind-krb5-locator-debuginfo-4.17.5-0.amzn2023.0.2.aarch64
    libwbclient-devel-4.17.5-0.amzn2023.0.2.aarch64
    samba-krb5-printing-debuginfo-4.17.5-0.amzn2023.0.2.aarch64
    python3-samba-devel-4.17.5-0.amzn2023.0.2.aarch64
    samba-usershares-4.17.5-0.amzn2023.0.2.aarch64

noarch:
    samba-common-4.17.5-0.amzn2023.0.2.noarch
    samba-pidl-4.17.5-0.amzn2023.0.2.noarch

src:
    samba-4.17.5-0.amzn2023.0.2.src

x86_64:
    libwbclient-debuginfo-4.17.5-0.amzn2023.0.2.x86_64
    libsmbclient-4.17.5-0.amzn2023.0.2.x86_64
    python3-samba-4.17.5-0.amzn2023.0.2.x86_64
    samba-test-debuginfo-4.17.5-0.amzn2023.0.2.x86_64
    samba-winbind-clients-debuginfo-4.17.5-0.amzn2023.0.2.x86_64
    samba-client-4.17.5-0.amzn2023.0.2.x86_64
    samba-client-debuginfo-4.17.5-0.amzn2023.0.2.x86_64
    samba-debuginfo-4.17.5-0.amzn2023.0.2.x86_64
    samba-winbind-4.17.5-0.amzn2023.0.2.x86_64
    samba-4.17.5-0.amzn2023.0.2.x86_64
    samba-winbind-modules-debuginfo-4.17.5-0.amzn2023.0.2.x86_64
    python3-samba-test-4.17.5-0.amzn2023.0.2.x86_64
    samba-common-tools-4.17.5-0.amzn2023.0.2.x86_64
    samba-winbind-clients-4.17.5-0.amzn2023.0.2.x86_64
    samba-common-libs-4.17.5-0.amzn2023.0.2.x86_64
    samba-debugsource-4.17.5-0.amzn2023.0.2.x86_64
    samba-dcerpc-4.17.5-0.amzn2023.0.2.x86_64
    samba-common-tools-debuginfo-4.17.5-0.amzn2023.0.2.x86_64
    libnetapi-4.17.5-0.amzn2023.0.2.x86_64
    samba-test-libs-debuginfo-4.17.5-0.amzn2023.0.2.x86_64
    samba-dcerpc-debuginfo-4.17.5-0.amzn2023.0.2.x86_64
    libsmbclient-devel-4.17.5-0.amzn2023.0.2.x86_64
    samba-libs-debuginfo-4.17.5-0.amzn2023.0.2.x86_64
    libsmbclient-debuginfo-4.17.5-0.amzn2023.0.2.x86_64
    samba-winbind-modules-4.17.5-0.amzn2023.0.2.x86_64
    python3-samba-debuginfo-4.17.5-0.amzn2023.0.2.x86_64
    libnetapi-debuginfo-4.17.5-0.amzn2023.0.2.x86_64
    samba-common-libs-debuginfo-4.17.5-0.amzn2023.0.2.x86_64
    samba-winbind-debuginfo-4.17.5-0.amzn2023.0.2.x86_64
    samba-devel-4.17.5-0.amzn2023.0.2.x86_64
    samba-client-libs-debuginfo-4.17.5-0.amzn2023.0.2.x86_64
    samba-client-libs-4.17.5-0.amzn2023.0.2.x86_64
    samba-libs-4.17.5-0.amzn2023.0.2.x86_64
    samba-test-4.17.5-0.amzn2023.0.2.x86_64
    samba-winbind-krb5-locator-debuginfo-4.17.5-0.amzn2023.0.2.x86_64
    samba-test-libs-4.17.5-0.amzn2023.0.2.x86_64
    samba-dc-libs-debuginfo-4.17.5-0.amzn2023.0.2.x86_64
    samba-ldb-ldap-modules-debuginfo-4.17.5-0.amzn2023.0.2.x86_64
    libnetapi-devel-4.17.5-0.amzn2023.0.2.x86_64
    samba-vfs-iouring-debuginfo-4.17.5-0.amzn2023.0.2.x86_64
    libwbclient-4.17.5-0.amzn2023.0.2.x86_64
    libwbclient-devel-4.17.5-0.amzn2023.0.2.x86_64
    samba-dc-libs-4.17.5-0.amzn2023.0.2.x86_64
    samba-ldb-ldap-modules-4.17.5-0.amzn2023.0.2.x86_64
    samba-winbind-krb5-locator-4.17.5-0.amzn2023.0.2.x86_64
    samba-krb5-printing-debuginfo-4.17.5-0.amzn2023.0.2.x86_64
    samba-vfs-iouring-4.17.5-0.amzn2023.0.2.x86_64
    python3-samba-devel-4.17.5-0.amzn2023.0.2.x86_64
    samba-usershares-4.17.5-0.amzn2023.0.2.x86_64
    samba-krb5-printing-4.17.5-0.amzn2023.0.2.x86_64

Vulnerable software versions

Amazon Linux AMI: All versions

samba: before 4.17.5-0

External links

http://alas.aws.amazon.com/AL2023/ALAS-2023-032.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Security Features

EUVDB-ID: #VU48269

Risk: Low

CVSSv3.1: 5.8 [CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-17049

CWE-ID: CWE-254 - Security Features

Exploit availability: No

Description

The vulnerability allows a remote user to bypass the authentication process.

The vulnerability exists due to a security feature bypass issue in Kerberos. A remote administrator can bypass the authentication process and gain unauthorized access to the application.

Mitigation

Update the affected packages:

The package list for aarch64, noarch, src and x86_64 is identical to the one given under vulnerability 1 above (all packages at version 4.17.5-0.amzn2023.0.2).

Vulnerable software versions

Amazon Linux AMI: All versions

samba: before 4.17.5-0

External links

http://alas.aws.amazon.com/AL2023/ALAS-2023-032.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Race condition

EUVDB-ID: #VU78991

Risk: Low

CVSSv3.1: 5.9 [CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-20316

CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Exploit availability: No

Description

The vulnerability allows a remote user to escalate privileges on the system.

The vulnerability exists due to a race condition. A remote user can exploit the race and gain unauthorized access to sensitive information and escalate privileges on the system.

Mitigation

Update the affected packages:

The package list for aarch64, noarch, src and x86_64 is identical to the one given under vulnerability 1 above (all packages at version 4.17.5-0.amzn2023.0.2).

Vulnerable software versions

Amazon Linux AMI: All versions

samba: before 4.17.5-0

External links

http://alas.aws.amazon.com/AL2023/ALAS-2023-032.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Link following

EUVDB-ID: #VU59345

Risk: Low

CVSSv3.1: 2.3 [CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-43566

CWE-ID: CWE-59 - Improper Link Resolution Before File Access ('Link Following')

Exploit availability: No

Description

The vulnerability allows a remote user to bypass implemented security restrictions.

The vulnerability exists due to a symlink race condition when creating directories. A remote authenticated user can use an SMB1 or NFS symlink race to create directories on the Unix filesystem outside of the share definition.

Successful exploitation of the vulnerability requires that the user has permission to create folders in the target directory.

Mitigation

Update the affected packages:

The package list for aarch64, noarch, src and x86_64 is identical to the one given under vulnerability 1 above (all packages at version 4.17.5-0.amzn2023.0.2).

Vulnerable software versions

Amazon Linux AMI: All versions

samba: before 4.17.5-0

External links

http://alas.aws.amazon.com/AL2023/ALAS-2023-032.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the local network (LAN).

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Link following

EUVDB-ID: #VU60187

Risk: Low

CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-44141

CWE-ID: CWE-59 - Improper Link Resolution Before File Access ('Link Following')

Exploit availability: No

Description

The vulnerability allows a remote user to gain access to sensitive information.

The vulnerability exists due to insecure link following. A remote user with the ability to write files to the exported part of the file system under a share, via SMB1 Unix extensions or via NFS, can create a symlink to determine whether a file or directory exists in an area of the server file system that is not exported under the share definition.

Mitigation

Update the affected packages:

The package list for aarch64, noarch, src and x86_64 is identical to the one given under vulnerability 1 above (all packages at version 4.17.5-0.amzn2023.0.2).

Vulnerable software versions

Amazon Linux AMI: All versions

samba: before 4.17.5-0
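The check below is an added example, not part of the bulletin or of any AWS tooling: it reads package names in the bulletin's `name-version-release.arch` form and flags installed packages older than the fixed build. The installed inventory is constructed sample data in the layout produced by `rpm -qa --qf '%{NAME} %{VERSION} %{RELEASE} %{ARCH}\n'`. The comparison is a simplified RPM version ordering that ignores epoch (the bulletin lists none) and rejects `~`/`^` versions.

```python
import re

# A subset of the lines in the bulletin's "Update the affected packages" list.
BULLETIN_PACKAGES = """
samba-4.17.5-0.amzn2023.0.2.x86_64
samba-client-4.17.5-0.amzn2023.0.2.x86_64
samba-common-4.17.5-0.amzn2023.0.2.noarch
libsmbclient-4.17.5-0.amzn2023.0.2.x86_64
libwbclient-4.17.5-0.amzn2023.0.2.x86_64
python3-samba-4.17.5-0.amzn2023.0.2.x86_64
"""

# Constructed inventory (not from the bulletin), one "NAME VERSION RELEASE ARCH" per line.
INSTALLED_SAMPLE = """
samba 4.17.5 0.amzn2023.0.2 x86_64
samba-client 4.16.2 13.amzn2023.0.1 x86_64
samba-common 4.17.5 0.amzn2023.0.2 noarch
libsmbclient 4.17.10 1.amzn2023.0.1 x86_64
libwbclient 4.17.5 0.amzn2023.0.1 x86_64
openssl 3.0.8 1.amzn2023.0.3 x86_64
"""

_SEGMENT = re.compile(r"[0-9]+|[A-Za-z]+")


def rpmvercmp(a, b):
    """Compare two version or release strings the way RPM orders them.

    Returns -1, 0 or 1. Strings are split into numeric and alphabetic
    segments; numeric segments compare as integers (so 10 > 5) and a
    numeric segment is newer than an alphabetic one.
    """
    if "~" in a + b or "^" in a + b:
        raise ValueError("tilde/caret ordering is not implemented in this example")
    seg_a, seg_b = _SEGMENT.findall(a), _SEGMENT.findall(b)
    for x, y in zip(seg_a, seg_b):
        x_num, y_num = x.isdigit(), y.isdigit()
        if x_num != y_num:
            return 1 if x_num else -1
        if x_num:
            x, y = int(x), int(y)
        if x != y:
            return 1 if x > y else -1
    # All shared segments are equal: the string with segments left over is newer.
    return (len(seg_a) > len(seg_b)) - (len(seg_a) < len(seg_b))


def parse_nvra(nvra):
    """Split 'name-version-release.arch' into its four parts."""
    nvr, arch = nvra.rsplit(".", 1)
    name, version, release = nvr.rsplit("-", 2)
    return name, version, release, arch


def fixed_versions(bulletin_text):
    """Map package name -> (version, release) of the fixed build."""
    fixed = {}
    for line in bulletin_text.splitlines():
        line = line.strip()
        if line:
            name, version, release, _arch = parse_nvra(line)
            fixed[name] = (version, release)
    return fixed


def find_outdated(installed_text, bulletin_text):
    """Return sorted (name, installed 'version-release') pairs older than the fix.

    Packages not named in the bulletin, or not installed, are ignored.
    """
    fixed = fixed_versions(bulletin_text)
    outdated = []
    for line in installed_text.splitlines():
        fields = line.split()
        if len(fields) != 4 or fields[0] not in fixed:
            continue
        name, version, release, _arch = fields
        fix_version, fix_release = fixed[name]
        order = rpmvercmp(version, fix_version) or rpmvercmp(release, fix_release)
        if order < 0:
            outdated.append((name, f"{version}-{release}"))
    return sorted(outdated)


if __name__ == "__main__":
    for name, installed in find_outdated(INSTALLED_SAMPLE, BULLETIN_PACKAGES):
        print(f"{name}: installed {installed} is older than the fixed build")
```
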

External links

http://alas.aws.amazon.com/AL2023/ALAS-2023-032.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Insufficient verification of data authenticity

EUVDB-ID: #VU60185

Risk: Low

CVSSv3.1: 4.1 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-0336

CWE-ID: CWE-345 - Insufficient Verification of Data Authenticity

Exploit availability: No

Description

The vulnerability allows a local user to impersonate arbitrary services.

The vulnerability exists because the Samba AD DC relies only on the SPN (service principal name) to identify services on the network. An attacker with the ability to modify SPNs can bypass the implemented protection and cause a denial of service condition by adding an SPN that matches an existing service, or impersonate services on the network.

Mitigation

Update the affected packages:

aarch64:
    samba-vfs-iouring-debuginfo-4.17.5-0.amzn2023.0.2.aarch64
    libnetapi-devel-4.17.5-0.amzn2023.0.2.aarch64
    samba-dcerpc-debuginfo-4.17.5-0.amzn2023.0.2.aarch64
    samba-common-libs-4.17.5-0.amzn2023.0.2.aarch64
    samba-winbind-modules-4.17.5-0.amzn2023.0.2.aarch64
    samba-common-libs-debuginfo-4.17.5-0.amzn2023.0.2.aarch64
    samba-ldb-ldap-modules-4.17.5-0.amzn2023.0.2.aarch64
    samba-test-libs-debuginfo-4.17.5-0.amzn2023.0.2.aarch64
    python3-samba-debuginfo-4.17.5-0.amzn2023.0.2.aarch64
    libsmbclient-debuginfo-4.17.5-0.amzn2023.0.2.aarch64
    python3-samba-test-4.17.5-0.amzn2023.0.2.aarch64
    samba-devel-4.17.5-0.amzn2023.0.2.aarch64
    samba-vfs-iouring-4.17.5-0.amzn2023.0.2.aarch64
    samba-common-tools-4.17.5-0.amzn2023.0.2.aarch64
    samba-test-debuginfo-4.17.5-0.amzn2023.0.2.aarch64
    libnetapi-4.17.5-0.amzn2023.0.2.aarch64
    samba-client-libs-debuginfo-4.17.5-0.amzn2023.0.2.aarch64
    samba-common-tools-debuginfo-4.17.5-0.amzn2023.0.2.aarch64
    libsmbclient-4.17.5-0.amzn2023.0.2.aarch64
    libwbclient-debuginfo-4.17.5-0.amzn2023.0.2.aarch64
    samba-debugsource-4.17.5-0.amzn2023.0.2.aarch64
    libwbclient-4.17.5-0.amzn2023.0.2.aarch64
    samba-winbind-clients-4.17.5-0.amzn2023.0.2.aarch64
    samba-winbind-debuginfo-4.17.5-0.amzn2023.0.2.aarch64
    samba-winbind-clients-debuginfo-4.17.5-0.amzn2023.0.2.aarch64
    samba-dc-libs-4.17.5-0.amzn2023.0.2.aarch64
    samba-libs-4.17.5-0.amzn2023.0.2.aarch64
    samba-winbind-modules-debuginfo-4.17.5-0.amzn2023.0.2.aarch64
    python3-samba-4.17.5-0.amzn2023.0.2.aarch64
    samba-client-libs-4.17.5-0.amzn2023.0.2.aarch64
    samba-libs-debuginfo-4.17.5-0.amzn2023.0.2.aarch64
    samba-test-4.17.5-0.amzn2023.0.2.aarch64
    samba-debuginfo-4.17.5-0.amzn2023.0.2.aarch64
    samba-dcerpc-4.17.5-0.amzn2023.0.2.aarch64
    samba-client-debuginfo-4.17.5-0.amzn2023.0.2.aarch64
    samba-dc-libs-debuginfo-4.17.5-0.amzn2023.0.2.aarch64
    samba-ldb-ldap-modules-debuginfo-4.17.5-0.amzn2023.0.2.aarch64
    libsmbclient-devel-4.17.5-0.amzn2023.0.2.aarch64
    samba-krb5-printing-4.17.5-0.amzn2023.0.2.aarch64
    samba-client-4.17.5-0.amzn2023.0.2.aarch64
    samba-winbind-krb5-locator-4.17.5-0.amzn2023.0.2.aarch64
    samba-4.17.5-0.amzn2023.0.2.aarch64
    samba-winbind-4.17.5-0.amzn2023.0.2.aarch64
    samba-test-libs-4.17.5-0.amzn2023.0.2.aarch64
    libnetapi-debuginfo-4.17.5-0.amzn2023.0.2.aarch64
    samba-winbind-krb5-locator-debuginfo-4.17.5-0.amzn2023.0.2.aarch64
    libwbclient-devel-4.17.5-0.amzn2023.0.2.aarch64
    samba-krb5-printing-debuginfo-4.17.5-0.amzn2023.0.2.aarch64
    python3-samba-devel-4.17.5-0.amzn2023.0.2.aarch64
    samba-usershares-4.17.5-0.amzn2023.0.2.aarch64

noarch:
    samba-common-4.17.5-0.amzn2023.0.2.noarch
    samba-pidl-4.17.5-0.amzn2023.0.2.noarch

src:
    samba-4.17.5-0.amzn2023.0.2.src

x86_64:
    libwbclient-debuginfo-4.17.5-0.amzn2023.0.2.x86_64
    libsmbclient-4.17.5-0.amzn2023.0.2.x86_64
    python3-samba-4.17.5-0.amzn2023.0.2.x86_64
    samba-test-debuginfo-4.17.5-0.amzn2023.0.2.x86_64
    samba-winbind-clients-debuginfo-4.17.5-0.amzn2023.0.2.x86_64
    samba-client-4.17.5-0.amzn2023.0.2.x86_64
    samba-client-debuginfo-4.17.5-0.amzn2023.0.2.x86_64
    samba-debuginfo-4.17.5-0.amzn2023.0.2.x86_64
    samba-winbind-4.17.5-0.amzn2023.0.2.x86_64
    samba-4.17.5-0.amzn2023.0.2.x86_64
    samba-winbind-modules-debuginfo-4.17.5-0.amzn2023.0.2.x86_64
    python3-samba-test-4.17.5-0.amzn2023.0.2.x86_64
    samba-common-tools-4.17.5-0.amzn2023.0.2.x86_64
    samba-winbind-clients-4.17.5-0.amzn2023.0.2.x86_64
    samba-common-libs-4.17.5-0.amzn2023.0.2.x86_64
    samba-debugsource-4.17.5-0.amzn2023.0.2.x86_64
    samba-dcerpc-4.17.5-0.amzn2023.0.2.x86_64
    samba-common-tools-debuginfo-4.17.5-0.amzn2023.0.2.x86_64
    libnetapi-4.17.5-0.amzn2023.0.2.x86_64
    samba-test-libs-debuginfo-4.17.5-0.amzn2023.0.2.x86_64
    samba-dcerpc-debuginfo-4.17.5-0.amzn2023.0.2.x86_64
    libsmbclient-devel-4.17.5-0.amzn2023.0.2.x86_64
    samba-libs-debuginfo-4.17.5-0.amzn2023.0.2.x86_64
    libsmbclient-debuginfo-4.17.5-0.amzn2023.0.2.x86_64
    samba-winbind-modules-4.17.5-0.amzn2023.0.2.x86_64
    python3-samba-debuginfo-4.17.5-0.amzn2023.0.2.x86_64
    libnetapi-debuginfo-4.17.5-0.amzn2023.0.2.x86_64
    samba-common-libs-debuginfo-4.17.5-0.amzn2023.0.2.x86_64
    samba-winbind-debuginfo-4.17.5-0.amzn2023.0.2.x86_64
    samba-devel-4.17.5-0.amzn2023.0.2.x86_64
    samba-client-libs-debuginfo-4.17.5-0.amzn2023.0.2.x86_64
    samba-client-libs-4.17.5-0.amzn2023.0.2.x86_64
    samba-libs-4.17.5-0.amzn2023.0.2.x86_64
    samba-test-4.17.5-0.amzn2023.0.2.x86_64
    samba-winbind-krb5-locator-debuginfo-4.17.5-0.amzn2023.0.2.x86_64
    samba-test-libs-4.17.5-0.amzn2023.0.2.x86_64
    samba-dc-libs-debuginfo-4.17.5-0.amzn2023.0.2.x86_64
    samba-ldb-ldap-modules-debuginfo-4.17.5-0.amzn2023.0.2.x86_64
    libnetapi-devel-4.17.5-0.amzn2023.0.2.x86_64
    samba-vfs-iouring-debuginfo-4.17.5-0.amzn2023.0.2.x86_64
    libwbclient-4.17.5-0.amzn2023.0.2.x86_64
    libwbclient-devel-4.17.5-0.amzn2023.0.2.x86_64
    samba-dc-libs-4.17.5-0.amzn2023.0.2.x86_64
    samba-ldb-ldap-modules-4.17.5-0.amzn2023.0.2.x86_64
    samba-winbind-krb5-locator-4.17.5-0.amzn2023.0.2.x86_64
    samba-krb5-printing-debuginfo-4.17.5-0.amzn2023.0.2.x86_64
    samba-vfs-iouring-4.17.5-0.amzn2023.0.2.x86_64
    python3-samba-devel-4.17.5-0.amzn2023.0.2.x86_64
    samba-usershares-4.17.5-0.amzn2023.0.2.x86_64
    samba-krb5-printing-4.17.5-0.amzn2023.0.2.x86_64

Vulnerable software versions

Amazon Linux AMI: All versions

samba: before 4.17.5-0

External links

http://alas.aws.amazon.com/AL2023/ALAS-2023-032.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Use of insufficiently random values

EUVDB-ID: #VU67270

Risk: Low

CVSSv3.1: 3.1 [CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-1615

CWE-ID: CWE-330 - Use of Insufficiently Random Values

Exploit availability: No

Description

The vulnerability allows a remote user to gain access to sensitive information.

The vulnerability exists due to usage of predictable random values within the GnuTLS gnutls_rnd() function. A remote user can decrypt sensitive information.

Mitigation

Update the affected packages:

aarch64:
    samba-vfs-iouring-debuginfo-4.17.5-0.amzn2023.0.2.aarch64
    libnetapi-devel-4.17.5-0.amzn2023.0.2.aarch64
    samba-dcerpc-debuginfo-4.17.5-0.amzn2023.0.2.aarch64
    samba-common-libs-4.17.5-0.amzn2023.0.2.aarch64
    samba-winbind-modules-4.17.5-0.amzn2023.0.2.aarch64
    samba-common-libs-debuginfo-4.17.5-0.amzn2023.0.2.aarch64
    samba-ldb-ldap-modules-4.17.5-0.amzn2023.0.2.aarch64
    samba-test-libs-debuginfo-4.17.5-0.amzn2023.0.2.aarch64
    python3-samba-debuginfo-4.17.5-0.amzn2023.0.2.aarch64
    libsmbclient-debuginfo-4.17.5-0.amzn2023.0.2.aarch64
    python3-samba-test-4.17.5-0.amzn2023.0.2.aarch64
    samba-devel-4.17.5-0.amzn2023.0.2.aarch64
    samba-vfs-iouring-4.17.5-0.amzn2023.0.2.aarch64
    samba-common-tools-4.17.5-0.amzn2023.0.2.aarch64
    samba-test-debuginfo-4.17.5-0.amzn2023.0.2.aarch64
    libnetapi-4.17.5-0.amzn2023.0.2.aarch64
    samba-client-libs-debuginfo-4.17.5-0.amzn2023.0.2.aarch64
    samba-common-tools-debuginfo-4.17.5-0.amzn2023.0.2.aarch64
    libsmbclient-4.17.5-0.amzn2023.0.2.aarch64
    libwbclient-debuginfo-4.17.5-0.amzn2023.0.2.aarch64
    samba-debugsource-4.17.5-0.amzn2023.0.2.aarch64
    libwbclient-4.17.5-0.amzn2023.0.2.aarch64
    samba-winbind-clients-4.17.5-0.amzn2023.0.2.aarch64
    samba-winbind-debuginfo-4.17.5-0.amzn2023.0.2.aarch64
    samba-winbind-clients-debuginfo-4.17.5-0.amzn2023.0.2.aarch64
    samba-dc-libs-4.17.5-0.amzn2023.0.2.aarch64
    samba-libs-4.17.5-0.amzn2023.0.2.aarch64
    samba-winbind-modules-debuginfo-4.17.5-0.amzn2023.0.2.aarch64
    python3-samba-4.17.5-0.amzn2023.0.2.aarch64
    samba-client-libs-4.17.5-0.amzn2023.0.2.aarch64
    samba-libs-debuginfo-4.17.5-0.amzn2023.0.2.aarch64
    samba-test-4.17.5-0.amzn2023.0.2.aarch64
    samba-debuginfo-4.17.5-0.amzn2023.0.2.aarch64
    samba-dcerpc-4.17.5-0.amzn2023.0.2.aarch64
    samba-client-debuginfo-4.17.5-0.amzn2023.0.2.aarch64
    samba-dc-libs-debuginfo-4.17.5-0.amzn2023.0.2.aarch64
    samba-ldb-ldap-modules-debuginfo-4.17.5-0.amzn2023.0.2.aarch64
    libsmbclient-devel-4.17.5-0.amzn2023.0.2.aarch64
    samba-krb5-printing-4.17.5-0.amzn2023.0.2.aarch64
    samba-client-4.17.5-0.amzn2023.0.2.aarch64
    samba-winbind-krb5-locator-4.17.5-0.amzn2023.0.2.aarch64
    samba-4.17.5-0.amzn2023.0.2.aarch64
    samba-winbind-4.17.5-0.amzn2023.0.2.aarch64
    samba-test-libs-4.17.5-0.amzn2023.0.2.aarch64
    libnetapi-debuginfo-4.17.5-0.amzn2023.0.2.aarch64
    samba-winbind-krb5-locator-debuginfo-4.17.5-0.amzn2023.0.2.aarch64
    libwbclient-devel-4.17.5-0.amzn2023.0.2.aarch64
    samba-krb5-printing-debuginfo-4.17.5-0.amzn2023.0.2.aarch64
    python3-samba-devel-4.17.5-0.amzn2023.0.2.aarch64
    samba-usershares-4.17.5-0.amzn2023.0.2.aarch64

noarch:
    samba-common-4.17.5-0.amzn2023.0.2.noarch
    samba-pidl-4.17.5-0.amzn2023.0.2.noarch

src:
    samba-4.17.5-0.amzn2023.0.2.src

x86_64:
    libwbclient-debuginfo-4.17.5-0.amzn2023.0.2.x86_64
    libsmbclient-4.17.5-0.amzn2023.0.2.x86_64
    python3-samba-4.17.5-0.amzn2023.0.2.x86_64
    samba-test-debuginfo-4.17.5-0.amzn2023.0.2.x86_64
    samba-winbind-clients-debuginfo-4.17.5-0.amzn2023.0.2.x86_64
    samba-client-4.17.5-0.amzn2023.0.2.x86_64
    samba-client-debuginfo-4.17.5-0.amzn2023.0.2.x86_64
    samba-debuginfo-4.17.5-0.amzn2023.0.2.x86_64
    samba-winbind-4.17.5-0.amzn2023.0.2.x86_64
    samba-4.17.5-0.amzn2023.0.2.x86_64
    samba-winbind-modules-debuginfo-4.17.5-0.amzn2023.0.2.x86_64
    python3-samba-test-4.17.5-0.amzn2023.0.2.x86_64
    samba-common-tools-4.17.5-0.amzn2023.0.2.x86_64
    samba-winbind-clients-4.17.5-0.amzn2023.0.2.x86_64
    samba-common-libs-4.17.5-0.amzn2023.0.2.x86_64
    samba-debugsource-4.17.5-0.amzn2023.0.2.x86_64
    samba-dcerpc-4.17.5-0.amzn2023.0.2.x86_64
    samba-common-tools-debuginfo-4.17.5-0.amzn2023.0.2.x86_64
    libnetapi-4.17.5-0.amzn2023.0.2.x86_64
    samba-test-libs-debuginfo-4.17.5-0.amzn2023.0.2.x86_64
    samba-dcerpc-debuginfo-4.17.5-0.amzn2023.0.2.x86_64
    libsmbclient-devel-4.17.5-0.amzn2023.0.2.x86_64
    samba-libs-debuginfo-4.17.5-0.amzn2023.0.2.x86_64
    libsmbclient-debuginfo-4.17.5-0.amzn2023.0.2.x86_64
    samba-winbind-modules-4.17.5-0.amzn2023.0.2.x86_64
    python3-samba-debuginfo-4.17.5-0.amzn2023.0.2.x86_64
    libnetapi-debuginfo-4.17.5-0.amzn2023.0.2.x86_64
    samba-common-libs-debuginfo-4.17.5-0.amzn2023.0.2.x86_64
    samba-winbind-debuginfo-4.17.5-0.amzn2023.0.2.x86_64
    samba-devel-4.17.5-0.amzn2023.0.2.x86_64
    samba-client-libs-debuginfo-4.17.5-0.amzn2023.0.2.x86_64
    samba-client-libs-4.17.5-0.amzn2023.0.2.x86_64
    samba-libs-4.17.5-0.amzn2023.0.2.x86_64
    samba-test-4.17.5-0.amzn2023.0.2.x86_64
    samba-winbind-krb5-locator-debuginfo-4.17.5-0.amzn2023.0.2.x86_64
    samba-test-libs-4.17.5-0.amzn2023.0.2.x86_64
    samba-dc-libs-debuginfo-4.17.5-0.amzn2023.0.2.x86_64
    samba-ldb-ldap-modules-debuginfo-4.17.5-0.amzn2023.0.2.x86_64
    libnetapi-devel-4.17.5-0.amzn2023.0.2.x86_64
    samba-vfs-iouring-debuginfo-4.17.5-0.amzn2023.0.2.x86_64
    libwbclient-4.17.5-0.amzn2023.0.2.x86_64
    libwbclient-devel-4.17.5-0.amzn2023.0.2.x86_64
    samba-dc-libs-4.17.5-0.amzn2023.0.2.x86_64
    samba-ldb-ldap-modules-4.17.5-0.amzn2023.0.2.x86_64
    samba-winbind-krb5-locator-4.17.5-0.amzn2023.0.2.x86_64
    samba-krb5-printing-debuginfo-4.17.5-0.amzn2023.0.2.x86_64
    samba-vfs-iouring-4.17.5-0.amzn2023.0.2.x86_64
    python3-samba-devel-4.17.5-0.amzn2023.0.2.x86_64
    samba-usershares-4.17.5-0.amzn2023.0.2.x86_64
    samba-krb5-printing-4.17.5-0.amzn2023.0.2.x86_64

Vulnerable software versions

Amazon Linux AMI: All versions

samba: before 4.17.5-0

External links

http://alas.aws.amazon.com/AL2023/ALAS-2023-032.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the local network (LAN).

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Memory leak

EUVDB-ID: #VU65824

Risk: Low

CVSSv3.1: 3.6 [CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-32742

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a remote user to gain access to sensitive information.

The vulnerability exists due to a memory leak when handling SMB1 requests. A remote user with the ability to write data to a file share can force the application to leak memory and gain access to potentially sensitive information.

Mitigation

Update the affected packages:

aarch64:
    samba-vfs-iouring-debuginfo-4.17.5-0.amzn2023.0.2.aarch64
    libnetapi-devel-4.17.5-0.amzn2023.0.2.aarch64
    samba-dcerpc-debuginfo-4.17.5-0.amzn2023.0.2.aarch64
    samba-common-libs-4.17.5-0.amzn2023.0.2.aarch64
    samba-winbind-modules-4.17.5-0.amzn2023.0.2.aarch64
    samba-common-libs-debuginfo-4.17.5-0.amzn2023.0.2.aarch64
    samba-ldb-ldap-modules-4.17.5-0.amzn2023.0.2.aarch64
    samba-test-libs-debuginfo-4.17.5-0.amzn2023.0.2.aarch64
    python3-samba-debuginfo-4.17.5-0.amzn2023.0.2.aarch64
    libsmbclient-debuginfo-4.17.5-0.amzn2023.0.2.aarch64
    python3-samba-test-4.17.5-0.amzn2023.0.2.aarch64
    samba-devel-4.17.5-0.amzn2023.0.2.aarch64
    samba-vfs-iouring-4.17.5-0.amzn2023.0.2.aarch64
    samba-common-tools-4.17.5-0.amzn2023.0.2.aarch64
    samba-test-debuginfo-4.17.5-0.amzn2023.0.2.aarch64
    libnetapi-4.17.5-0.amzn2023.0.2.aarch64
    samba-client-libs-debuginfo-4.17.5-0.amzn2023.0.2.aarch64
    samba-common-tools-debuginfo-4.17.5-0.amzn2023.0.2.aarch64
    libsmbclient-4.17.5-0.amzn2023.0.2.aarch64
    libwbclient-debuginfo-4.17.5-0.amzn2023.0.2.aarch64
    samba-debugsource-4.17.5-0.amzn2023.0.2.aarch64
    libwbclient-4.17.5-0.amzn2023.0.2.aarch64
    samba-winbind-clients-4.17.5-0.amzn2023.0.2.aarch64
    samba-winbind-debuginfo-4.17.5-0.amzn2023.0.2.aarch64
    samba-winbind-clients-debuginfo-4.17.5-0.amzn2023.0.2.aarch64
    samba-dc-libs-4.17.5-0.amzn2023.0.2.aarch64
    samba-libs-4.17.5-0.amzn2023.0.2.aarch64
    samba-winbind-modules-debuginfo-4.17.5-0.amzn2023.0.2.aarch64
    python3-samba-4.17.5-0.amzn2023.0.2.aarch64
    samba-client-libs-4.17.5-0.amzn2023.0.2.aarch64
    samba-libs-debuginfo-4.17.5-0.amzn2023.0.2.aarch64
    samba-test-4.17.5-0.amzn2023.0.2.aarch64
    samba-debuginfo-4.17.5-0.amzn2023.0.2.aarch64
    samba-dcerpc-4.17.5-0.amzn2023.0.2.aarch64
    samba-client-debuginfo-4.17.5-0.amzn2023.0.2.aarch64
    samba-dc-libs-debuginfo-4.17.5-0.amzn2023.0.2.aarch64
    samba-ldb-ldap-modules-debuginfo-4.17.5-0.amzn2023.0.2.aarch64
    libsmbclient-devel-4.17.5-0.amzn2023.0.2.aarch64
    samba-krb5-printing-4.17.5-0.amzn2023.0.2.aarch64
    samba-client-4.17.5-0.amzn2023.0.2.aarch64
    samba-winbind-krb5-locator-4.17.5-0.amzn2023.0.2.aarch64
    samba-4.17.5-0.amzn2023.0.2.aarch64
    samba-winbind-4.17.5-0.amzn2023.0.2.aarch64
    samba-test-libs-4.17.5-0.amzn2023.0.2.aarch64
    libnetapi-debuginfo-4.17.5-0.amzn2023.0.2.aarch64
    samba-winbind-krb5-locator-debuginfo-4.17.5-0.amzn2023.0.2.aarch64
    libwbclient-devel-4.17.5-0.amzn2023.0.2.aarch64
    samba-krb5-printing-debuginfo-4.17.5-0.amzn2023.0.2.aarch64
    python3-samba-devel-4.17.5-0.amzn2023.0.2.aarch64
    samba-usershares-4.17.5-0.amzn2023.0.2.aarch64

noarch:
    samba-common-4.17.5-0.amzn2023.0.2.noarch
    samba-pidl-4.17.5-0.amzn2023.0.2.noarch

src:
    samba-4.17.5-0.amzn2023.0.2.src

x86_64:
    libwbclient-debuginfo-4.17.5-0.amzn2023.0.2.x86_64
    libsmbclient-4.17.5-0.amzn2023.0.2.x86_64
    python3-samba-4.17.5-0.amzn2023.0.2.x86_64
    samba-test-debuginfo-4.17.5-0.amzn2023.0.2.x86_64
    samba-winbind-clients-debuginfo-4.17.5-0.amzn2023.0.2.x86_64
    samba-client-4.17.5-0.amzn2023.0.2.x86_64
    samba-client-debuginfo-4.17.5-0.amzn2023.0.2.x86_64
    samba-debuginfo-4.17.5-0.amzn2023.0.2.x86_64
    samba-winbind-4.17.5-0.amzn2023.0.2.x86_64
    samba-4.17.5-0.amzn2023.0.2.x86_64
    samba-winbind-modules-debuginfo-4.17.5-0.amzn2023.0.2.x86_64
    python3-samba-test-4.17.5-0.amzn2023.0.2.x86_64
    samba-common-tools-4.17.5-0.amzn2023.0.2.x86_64
    samba-winbind-clients-4.17.5-0.amzn2023.0.2.x86_64
    samba-common-libs-4.17.5-0.amzn2023.0.2.x86_64
    samba-debugsource-4.17.5-0.amzn2023.0.2.x86_64
    samba-dcerpc-4.17.5-0.amzn2023.0.2.x86_64
    samba-common-tools-debuginfo-4.17.5-0.amzn2023.0.2.x86_64
    libnetapi-4.17.5-0.amzn2023.0.2.x86_64
    samba-test-libs-debuginfo-4.17.5-0.amzn2023.0.2.x86_64
    samba-dcerpc-debuginfo-4.17.5-0.amzn2023.0.2.x86_64
    libsmbclient-devel-4.17.5-0.amzn2023.0.2.x86_64
    samba-libs-debuginfo-4.17.5-0.amzn2023.0.2.x86_64
    libsmbclient-debuginfo-4.17.5-0.amzn2023.0.2.x86_64
    samba-winbind-modules-4.17.5-0.amzn2023.0.2.x86_64
    python3-samba-debuginfo-4.17.5-0.amzn2023.0.2.x86_64
    libnetapi-debuginfo-4.17.5-0.amzn2023.0.2.x86_64
    samba-common-libs-debuginfo-4.17.5-0.amzn2023.0.2.x86_64
    samba-winbind-debuginfo-4.17.5-0.amzn2023.0.2.x86_64
    samba-devel-4.17.5-0.amzn2023.0.2.x86_64
    samba-client-libs-debuginfo-4.17.5-0.amzn2023.0.2.x86_64
    samba-client-libs-4.17.5-0.amzn2023.0.2.x86_64
    samba-libs-4.17.5-0.amzn2023.0.2.x86_64
    samba-test-4.17.5-0.amzn2023.0.2.x86_64
    samba-winbind-krb5-locator-debuginfo-4.17.5-0.amzn2023.0.2.x86_64
    samba-test-libs-4.17.5-0.amzn2023.0.2.x86_64
    samba-dc-libs-debuginfo-4.17.5-0.amzn2023.0.2.x86_64
    samba-ldb-ldap-modules-debuginfo-4.17.5-0.amzn2023.0.2.x86_64
    libnetapi-devel-4.17.5-0.amzn2023.0.2.x86_64
    samba-vfs-iouring-debuginfo-4.17.5-0.amzn2023.0.2.x86_64
    libwbclient-4.17.5-0.amzn2023.0.2.x86_64
    libwbclient-devel-4.17.5-0.amzn2023.0.2.x86_64
    samba-dc-libs-4.17.5-0.amzn2023.0.2.x86_64
    samba-ldb-ldap-modules-4.17.5-0.amzn2023.0.2.x86_64
    samba-winbind-krb5-locator-4.17.5-0.amzn2023.0.2.x86_64
    samba-krb5-printing-debuginfo-4.17.5-0.amzn2023.0.2.x86_64
    samba-vfs-iouring-4.17.5-0.amzn2023.0.2.x86_64
    python3-samba-devel-4.17.5-0.amzn2023.0.2.x86_64
    samba-usershares-4.17.5-0.amzn2023.0.2.x86_64
    samba-krb5-printing-4.17.5-0.amzn2023.0.2.x86_64

Vulnerable software versions

Amazon Linux AMI: All versions

samba: before 4.17.5-0

External links

http://alas.aws.amazon.com/AL2023/ALAS-2023-032.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the local network (LAN).

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Incorrect default permissions

EUVDB-ID: #VU67271

Risk: Medium

CVSSv3.1: 5.7 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-32743

CWE-ID: CWE-276 - Incorrect Default Permissions

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a MitM attack.

The vulnerability exists because Samba does not validate the Validated-DNS-Host-Name for the dNSHostName attribute. A remote attacker can set an arbitrary hostname and perform a MitM attack.

Mitigation

Update the affected packages:

aarch64:
    samba-vfs-iouring-debuginfo-4.17.5-0.amzn2023.0.2.aarch64
    libnetapi-devel-4.17.5-0.amzn2023.0.2.aarch64
    samba-dcerpc-debuginfo-4.17.5-0.amzn2023.0.2.aarch64
    samba-common-libs-4.17.5-0.amzn2023.0.2.aarch64
    samba-winbind-modules-4.17.5-0.amzn2023.0.2.aarch64
    samba-common-libs-debuginfo-4.17.5-0.amzn2023.0.2.aarch64
    samba-ldb-ldap-modules-4.17.5-0.amzn2023.0.2.aarch64
    samba-test-libs-debuginfo-4.17.5-0.amzn2023.0.2.aarch64
    python3-samba-debuginfo-4.17.5-0.amzn2023.0.2.aarch64
    libsmbclient-debuginfo-4.17.5-0.amzn2023.0.2.aarch64
    python3-samba-test-4.17.5-0.amzn2023.0.2.aarch64
    samba-devel-4.17.5-0.amzn2023.0.2.aarch64
    samba-vfs-iouring-4.17.5-0.amzn2023.0.2.aarch64
    samba-common-tools-4.17.5-0.amzn2023.0.2.aarch64
    samba-test-debuginfo-4.17.5-0.amzn2023.0.2.aarch64
    libnetapi-4.17.5-0.amzn2023.0.2.aarch64
    samba-client-libs-debuginfo-4.17.5-0.amzn2023.0.2.aarch64
    samba-common-tools-debuginfo-4.17.5-0.amzn2023.0.2.aarch64
    libsmbclient-4.17.5-0.amzn2023.0.2.aarch64
    libwbclient-debuginfo-4.17.5-0.amzn2023.0.2.aarch64
    samba-debugsource-4.17.5-0.amzn2023.0.2.aarch64
    libwbclient-4.17.5-0.amzn2023.0.2.aarch64
    samba-winbind-clients-4.17.5-0.amzn2023.0.2.aarch64
    samba-winbind-debuginfo-4.17.5-0.amzn2023.0.2.aarch64
    samba-winbind-clients-debuginfo-4.17.5-0.amzn2023.0.2.aarch64
    samba-dc-libs-4.17.5-0.amzn2023.0.2.aarch64
    samba-libs-4.17.5-0.amzn2023.0.2.aarch64
    samba-winbind-modules-debuginfo-4.17.5-0.amzn2023.0.2.aarch64
    python3-samba-4.17.5-0.amzn2023.0.2.aarch64
    samba-client-libs-4.17.5-0.amzn2023.0.2.aarch64
    samba-libs-debuginfo-4.17.5-0.amzn2023.0.2.aarch64
    samba-test-4.17.5-0.amzn2023.0.2.aarch64
    samba-debuginfo-4.17.5-0.amzn2023.0.2.aarch64
    samba-dcerpc-4.17.5-0.amzn2023.0.2.aarch64
    samba-client-debuginfo-4.17.5-0.amzn2023.0.2.aarch64
    samba-dc-libs-debuginfo-4.17.5-0.amzn2023.0.2.aarch64
    samba-ldb-ldap-modules-debuginfo-4.17.5-0.amzn2023.0.2.aarch64
    libsmbclient-devel-4.17.5-0.amzn2023.0.2.aarch64
    samba-krb5-printing-4.17.5-0.amzn2023.0.2.aarch64
    samba-client-4.17.5-0.amzn2023.0.2.aarch64
    samba-winbind-krb5-locator-4.17.5-0.amzn2023.0.2.aarch64
    samba-4.17.5-0.amzn2023.0.2.aarch64
    samba-winbind-4.17.5-0.amzn2023.0.2.aarch64
    samba-test-libs-4.17.5-0.amzn2023.0.2.aarch64
    libnetapi-debuginfo-4.17.5-0.amzn2023.0.2.aarch64
    samba-winbind-krb5-locator-debuginfo-4.17.5-0.amzn2023.0.2.aarch64
    libwbclient-devel-4.17.5-0.amzn2023.0.2.aarch64
    samba-krb5-printing-debuginfo-4.17.5-0.amzn2023.0.2.aarch64
    python3-samba-devel-4.17.5-0.amzn2023.0.2.aarch64
    samba-usershares-4.17.5-0.amzn2023.0.2.aarch64

noarch:
    samba-common-4.17.5-0.amzn2023.0.2.noarch
    samba-pidl-4.17.5-0.amzn2023.0.2.noarch

src:
    samba-4.17.5-0.amzn2023.0.2.src

x86_64:
    libwbclient-debuginfo-4.17.5-0.amzn2023.0.2.x86_64
    libsmbclient-4.17.5-0.amzn2023.0.2.x86_64
    python3-samba-4.17.5-0.amzn2023.0.2.x86_64
    samba-test-debuginfo-4.17.5-0.amzn2023.0.2.x86_64
    samba-winbind-clients-debuginfo-4.17.5-0.amzn2023.0.2.x86_64
    samba-client-4.17.5-0.amzn2023.0.2.x86_64
    samba-client-debuginfo-4.17.5-0.amzn2023.0.2.x86_64
    samba-debuginfo-4.17.5-0.amzn2023.0.2.x86_64
    samba-winbind-4.17.5-0.amzn2023.0.2.x86_64
    samba-4.17.5-0.amzn2023.0.2.x86_64
    samba-winbind-modules-debuginfo-4.17.5-0.amzn2023.0.2.x86_64
    python3-samba-test-4.17.5-0.amzn2023.0.2.x86_64
    samba-common-tools-4.17.5-0.amzn2023.0.2.x86_64
    samba-winbind-clients-4.17.5-0.amzn2023.0.2.x86_64
    samba-common-libs-4.17.5-0.amzn2023.0.2.x86_64
    samba-debugsource-4.17.5-0.amzn2023.0.2.x86_64
    samba-dcerpc-4.17.5-0.amzn2023.0.2.x86_64
    samba-common-tools-debuginfo-4.17.5-0.amzn2023.0.2.x86_64
    libnetapi-4.17.5-0.amzn2023.0.2.x86_64
    samba-test-libs-debuginfo-4.17.5-0.amzn2023.0.2.x86_64
    samba-dcerpc-debuginfo-4.17.5-0.amzn2023.0.2.x86_64
    libsmbclient-devel-4.17.5-0.amzn2023.0.2.x86_64
    samba-libs-debuginfo-4.17.5-0.amzn2023.0.2.x86_64
    libsmbclient-debuginfo-4.17.5-0.amzn2023.0.2.x86_64
    samba-winbind-modules-4.17.5-0.amzn2023.0.2.x86_64
    python3-samba-debuginfo-4.17.5-0.amzn2023.0.2.x86_64
    libnetapi-debuginfo-4.17.5-0.amzn2023.0.2.x86_64
    samba-common-libs-debuginfo-4.17.5-0.amzn2023.0.2.x86_64
    samba-winbind-debuginfo-4.17.5-0.amzn2023.0.2.x86_64
    samba-devel-4.17.5-0.amzn2023.0.2.x86_64
    samba-client-libs-debuginfo-4.17.5-0.amzn2023.0.2.x86_64
    samba-client-libs-4.17.5-0.amzn2023.0.2.x86_64
    samba-libs-4.17.5-0.amzn2023.0.2.x86_64
    samba-test-4.17.5-0.amzn2023.0.2.x86_64
    samba-winbind-krb5-locator-debuginfo-4.17.5-0.amzn2023.0.2.x86_64
    samba-test-libs-4.17.5-0.amzn2023.0.2.x86_64
    samba-dc-libs-debuginfo-4.17.5-0.amzn2023.0.2.x86_64
    samba-ldb-ldap-modules-debuginfo-4.17.5-0.amzn2023.0.2.x86_64
    libnetapi-devel-4.17.5-0.amzn2023.0.2.x86_64
    samba-vfs-iouring-debuginfo-4.17.5-0.amzn2023.0.2.x86_64
    libwbclient-4.17.5-0.amzn2023.0.2.x86_64
    libwbclient-devel-4.17.5-0.amzn2023.0.2.x86_64
    samba-dc-libs-4.17.5-0.amzn2023.0.2.x86_64
    samba-ldb-ldap-modules-4.17.5-0.amzn2023.0.2.x86_64
    samba-winbind-krb5-locator-4.17.5-0.amzn2023.0.2.x86_64
    samba-krb5-printing-debuginfo-4.17.5-0.amzn2023.0.2.x86_64
    samba-vfs-iouring-4.17.5-0.amzn2023.0.2.x86_64
    python3-samba-devel-4.17.5-0.amzn2023.0.2.x86_64
    samba-usershares-4.17.5-0.amzn2023.0.2.x86_64
    samba-krb5-printing-4.17.5-0.amzn2023.0.2.x86_64

Vulnerable software versions

Amazon Linux AMI: All versions

samba: before 4.17.5-0

External links

http://alas.aws.amazon.com/AL2023/ALAS-2023-032.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) Use-after-free

EUVDB-ID: #VU65827

Risk: Low

CVSSv3.1: 2.1 [CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-32746

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote user to perform a denial of service (DoS) attack.

The vulnerability exists due to a use-after-free error when handling LDAP requests. A remote user with the ability to edit privileged properties, such as userAccountControl, can send a specially crafted LDAP request to the server, trigger a use-after-free error and perform a denial of service (DoS) attack.


Mitigation

Update the affected packages:

aarch64:
    samba-vfs-iouring-debuginfo-4.17.5-0.amzn2023.0.2.aarch64
    libnetapi-devel-4.17.5-0.amzn2023.0.2.aarch64
    samba-dcerpc-debuginfo-4.17.5-0.amzn2023.0.2.aarch64
    samba-common-libs-4.17.5-0.amzn2023.0.2.aarch64
    samba-winbind-modules-4.17.5-0.amzn2023.0.2.aarch64
    samba-common-libs-debuginfo-4.17.5-0.amzn2023.0.2.aarch64
    samba-ldb-ldap-modules-4.17.5-0.amzn2023.0.2.aarch64
    samba-test-libs-debuginfo-4.17.5-0.amzn2023.0.2.aarch64
    python3-samba-debuginfo-4.17.5-0.amzn2023.0.2.aarch64
    libsmbclient-debuginfo-4.17.5-0.amzn2023.0.2.aarch64
    python3-samba-test-4.17.5-0.amzn2023.0.2.aarch64
    samba-devel-4.17.5-0.amzn2023.0.2.aarch64
    samba-vfs-iouring-4.17.5-0.amzn2023.0.2.aarch64
    samba-common-tools-4.17.5-0.amzn2023.0.2.aarch64
    samba-test-debuginfo-4.17.5-0.amzn2023.0.2.aarch64
    libnetapi-4.17.5-0.amzn2023.0.2.aarch64
    samba-client-libs-debuginfo-4.17.5-0.amzn2023.0.2.aarch64
    samba-common-tools-debuginfo-4.17.5-0.amzn2023.0.2.aarch64
    libsmbclient-4.17.5-0.amzn2023.0.2.aarch64
    libwbclient-debuginfo-4.17.5-0.amzn2023.0.2.aarch64
    samba-debugsource-4.17.5-0.amzn2023.0.2.aarch64
    libwbclient-4.17.5-0.amzn2023.0.2.aarch64
    samba-winbind-clients-4.17.5-0.amzn2023.0.2.aarch64
    samba-winbind-debuginfo-4.17.5-0.amzn2023.0.2.aarch64
    samba-winbind-clients-debuginfo-4.17.5-0.amzn2023.0.2.aarch64
    samba-dc-libs-4.17.5-0.amzn2023.0.2.aarch64
    samba-libs-4.17.5-0.amzn2023.0.2.aarch64
    samba-winbind-modules-debuginfo-4.17.5-0.amzn2023.0.2.aarch64
    python3-samba-4.17.5-0.amzn2023.0.2.aarch64
    samba-client-libs-4.17.5-0.amzn2023.0.2.aarch64
    samba-libs-debuginfo-4.17.5-0.amzn2023.0.2.aarch64
    samba-test-4.17.5-0.amzn2023.0.2.aarch64
    samba-debuginfo-4.17.5-0.amzn2023.0.2.aarch64
    samba-dcerpc-4.17.5-0.amzn2023.0.2.aarch64
    samba-client-debuginfo-4.17.5-0.amzn2023.0.2.aarch64
    samba-dc-libs-debuginfo-4.17.5-0.amzn2023.0.2.aarch64
    samba-ldb-ldap-modules-debuginfo-4.17.5-0.amzn2023.0.2.aarch64
    libsmbclient-devel-4.17.5-0.amzn2023.0.2.aarch64
    samba-krb5-printing-4.17.5-0.amzn2023.0.2.aarch64
    samba-client-4.17.5-0.amzn2023.0.2.aarch64
    samba-winbind-krb5-locator-4.17.5-0.amzn2023.0.2.aarch64
    samba-4.17.5-0.amzn2023.0.2.aarch64
    samba-winbind-4.17.5-0.amzn2023.0.2.aarch64
    samba-test-libs-4.17.5-0.amzn2023.0.2.aarch64
    libnetapi-debuginfo-4.17.5-0.amzn2023.0.2.aarch64
    samba-winbind-krb5-locator-debuginfo-4.17.5-0.amzn2023.0.2.aarch64
    libwbclient-devel-4.17.5-0.amzn2023.0.2.aarch64
    samba-krb5-printing-debuginfo-4.17.5-0.amzn2023.0.2.aarch64
    python3-samba-devel-4.17.5-0.amzn2023.0.2.aarch64
    samba-usershares-4.17.5-0.amzn2023.0.2.aarch64

noarch:
    samba-common-4.17.5-0.amzn2023.0.2.noarch
    samba-pidl-4.17.5-0.amzn2023.0.2.noarch

src:
    samba-4.17.5-0.amzn2023.0.2.src

x86_64:
    libwbclient-debuginfo-4.17.5-0.amzn2023.0.2.x86_64
    libsmbclient-4.17.5-0.amzn2023.0.2.x86_64
    python3-samba-4.17.5-0.amzn2023.0.2.x86_64
    samba-test-debuginfo-4.17.5-0.amzn2023.0.2.x86_64
    samba-winbind-clients-debuginfo-4.17.5-0.amzn2023.0.2.x86_64
    samba-client-4.17.5-0.amzn2023.0.2.x86_64
    samba-client-debuginfo-4.17.5-0.amzn2023.0.2.x86_64
    samba-debuginfo-4.17.5-0.amzn2023.0.2.x86_64
    samba-winbind-4.17.5-0.amzn2023.0.2.x86_64
    samba-4.17.5-0.amzn2023.0.2.x86_64
    samba-winbind-modules-debuginfo-4.17.5-0.amzn2023.0.2.x86_64
    python3-samba-test-4.17.5-0.amzn2023.0.2.x86_64
    samba-common-tools-4.17.5-0.amzn2023.0.2.x86_64
    samba-winbind-clients-4.17.5-0.amzn2023.0.2.x86_64
    samba-common-libs-4.17.5-0.amzn2023.0.2.x86_64
    samba-debugsource-4.17.5-0.amzn2023.0.2.x86_64
    samba-dcerpc-4.17.5-0.amzn2023.0.2.x86_64
    samba-common-tools-debuginfo-4.17.5-0.amzn2023.0.2.x86_64
    libnetapi-4.17.5-0.amzn2023.0.2.x86_64
    samba-test-libs-debuginfo-4.17.5-0.amzn2023.0.2.x86_64
    samba-dcerpc-debuginfo-4.17.5-0.amzn2023.0.2.x86_64
    libsmbclient-devel-4.17.5-0.amzn2023.0.2.x86_64
    samba-libs-debuginfo-4.17.5-0.amzn2023.0.2.x86_64
    libsmbclient-debuginfo-4.17.5-0.amzn2023.0.2.x86_64
    samba-winbind-modules-4.17.5-0.amzn2023.0.2.x86_64
    python3-samba-debuginfo-4.17.5-0.amzn2023.0.2.x86_64
    libnetapi-debuginfo-4.17.5-0.amzn2023.0.2.x86_64
    samba-common-libs-debuginfo-4.17.5-0.amzn2023.0.2.x86_64
    samba-winbind-debuginfo-4.17.5-0.amzn2023.0.2.x86_64
    samba-devel-4.17.5-0.amzn2023.0.2.x86_64
    samba-client-libs-debuginfo-4.17.5-0.amzn2023.0.2.x86_64
    samba-client-libs-4.17.5-0.amzn2023.0.2.x86_64
    samba-libs-4.17.5-0.amzn2023.0.2.x86_64
    samba-test-4.17.5-0.amzn2023.0.2.x86_64
    samba-winbind-krb5-locator-debuginfo-4.17.5-0.amzn2023.0.2.x86_64
    samba-test-libs-4.17.5-0.amzn2023.0.2.x86_64
    samba-dc-libs-debuginfo-4.17.5-0.amzn2023.0.2.x86_64
    samba-ldb-ldap-modules-debuginfo-4.17.5-0.amzn2023.0.2.x86_64
    libnetapi-devel-4.17.5-0.amzn2023.0.2.x86_64
    samba-vfs-iouring-debuginfo-4.17.5-0.amzn2023.0.2.x86_64
    libwbclient-4.17.5-0.amzn2023.0.2.x86_64
    libwbclient-devel-4.17.5-0.amzn2023.0.2.x86_64
    samba-dc-libs-4.17.5-0.amzn2023.0.2.x86_64
    samba-ldb-ldap-modules-4.17.5-0.amzn2023.0.2.x86_64
    samba-winbind-krb5-locator-4.17.5-0.amzn2023.0.2.x86_64
    samba-krb5-printing-debuginfo-4.17.5-0.amzn2023.0.2.x86_64
    samba-vfs-iouring-4.17.5-0.amzn2023.0.2.x86_64
    python3-samba-devel-4.17.5-0.amzn2023.0.2.x86_64
    samba-usershares-4.17.5-0.amzn2023.0.2.x86_64
    samba-krb5-printing-4.17.5-0.amzn2023.0.2.x86_64

Vulnerable software versions

Amazon Linux AMI: All versions

samba: before 4.17.5-0

External links

http://alas.aws.amazon.com/AL2023/ALAS-2023-032.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the local network (LAN).

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

11) Heap-based buffer overflow

EUVDB-ID: #VU68701

Risk: Low

CVSSv3.1: 3.7 [CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-3437

CWE-ID: CWE-122 - Heap-based Buffer Overflow

Exploit availability: No

Description

The vulnerability allows a remote user to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error within the GSSAPI unwrap_des() and unwrap_des3() routines of Heimdal. A remote user can send specially crafted data to the application, trigger a heap-based buffer overflow and perform a denial of service (DoS) attack.


Mitigation

Update the affected packages:

aarch64:
    samba-vfs-iouring-debuginfo-4.17.5-0.amzn2023.0.2.aarch64
    libnetapi-devel-4.17.5-0.amzn2023.0.2.aarch64
    samba-dcerpc-debuginfo-4.17.5-0.amzn2023.0.2.aarch64
    samba-common-libs-4.17.5-0.amzn2023.0.2.aarch64
    samba-winbind-modules-4.17.5-0.amzn2023.0.2.aarch64
    samba-common-libs-debuginfo-4.17.5-0.amzn2023.0.2.aarch64
    samba-ldb-ldap-modules-4.17.5-0.amzn2023.0.2.aarch64
    samba-test-libs-debuginfo-4.17.5-0.amzn2023.0.2.aarch64
    python3-samba-debuginfo-4.17.5-0.amzn2023.0.2.aarch64
    libsmbclient-debuginfo-4.17.5-0.amzn2023.0.2.aarch64
    python3-samba-test-4.17.5-0.amzn2023.0.2.aarch64
    samba-devel-4.17.5-0.amzn2023.0.2.aarch64
    samba-vfs-iouring-4.17.5-0.amzn2023.0.2.aarch64
    samba-common-tools-4.17.5-0.amzn2023.0.2.aarch64
    samba-test-debuginfo-4.17.5-0.amzn2023.0.2.aarch64
    libnetapi-4.17.5-0.amzn2023.0.2.aarch64
    samba-client-libs-debuginfo-4.17.5-0.amzn2023.0.2.aarch64
    samba-common-tools-debuginfo-4.17.5-0.amzn2023.0.2.aarch64
    libsmbclient-4.17.5-0.amzn2023.0.2.aarch64
    libwbclient-debuginfo-4.17.5-0.amzn2023.0.2.aarch64
    samba-debugsource-4.17.5-0.amzn2023.0.2.aarch64
    libwbclient-4.17.5-0.amzn2023.0.2.aarch64
    samba-winbind-clients-4.17.5-0.amzn2023.0.2.aarch64
    samba-winbind-debuginfo-4.17.5-0.amzn2023.0.2.aarch64
    samba-winbind-clients-debuginfo-4.17.5-0.amzn2023.0.2.aarch64
    samba-dc-libs-4.17.5-0.amzn2023.0.2.aarch64
    samba-libs-4.17.5-0.amzn2023.0.2.aarch64
    samba-winbind-modules-debuginfo-4.17.5-0.amzn2023.0.2.aarch64
    python3-samba-4.17.5-0.amzn2023.0.2.aarch64
    samba-client-libs-4.17.5-0.amzn2023.0.2.aarch64
    samba-libs-debuginfo-4.17.5-0.amzn2023.0.2.aarch64
    samba-test-4.17.5-0.amzn2023.0.2.aarch64
    samba-debuginfo-4.17.5-0.amzn2023.0.2.aarch64
    samba-dcerpc-4.17.5-0.amzn2023.0.2.aarch64
    samba-client-debuginfo-4.17.5-0.amzn2023.0.2.aarch64
    samba-dc-libs-debuginfo-4.17.5-0.amzn2023.0.2.aarch64
    samba-ldb-ldap-modules-debuginfo-4.17.5-0.amzn2023.0.2.aarch64
    libsmbclient-devel-4.17.5-0.amzn2023.0.2.aarch64
    samba-krb5-printing-4.17.5-0.amzn2023.0.2.aarch64
    samba-client-4.17.5-0.amzn2023.0.2.aarch64
    samba-winbind-krb5-locator-4.17.5-0.amzn2023.0.2.aarch64
    samba-4.17.5-0.amzn2023.0.2.aarch64
    samba-winbind-4.17.5-0.amzn2023.0.2.aarch64
    samba-test-libs-4.17.5-0.amzn2023.0.2.aarch64
    libnetapi-debuginfo-4.17.5-0.amzn2023.0.2.aarch64
    samba-winbind-krb5-locator-debuginfo-4.17.5-0.amzn2023.0.2.aarch64
    libwbclient-devel-4.17.5-0.amzn2023.0.2.aarch64
    samba-krb5-printing-debuginfo-4.17.5-0.amzn2023.0.2.aarch64
    python3-samba-devel-4.17.5-0.amzn2023.0.2.aarch64
    samba-usershares-4.17.5-0.amzn2023.0.2.aarch64

noarch:
    samba-common-4.17.5-0.amzn2023.0.2.noarch
    samba-pidl-4.17.5-0.amzn2023.0.2.noarch

src:
    samba-4.17.5-0.amzn2023.0.2.src

x86_64:
    libwbclient-debuginfo-4.17.5-0.amzn2023.0.2.x86_64
    libsmbclient-4.17.5-0.amzn2023.0.2.x86_64
    python3-samba-4.17.5-0.amzn2023.0.2.x86_64
    samba-test-debuginfo-4.17.5-0.amzn2023.0.2.x86_64
    samba-winbind-clients-debuginfo-4.17.5-0.amzn2023.0.2.x86_64
    samba-client-4.17.5-0.amzn2023.0.2.x86_64
    samba-client-debuginfo-4.17.5-0.amzn2023.0.2.x86_64
    samba-debuginfo-4.17.5-0.amzn2023.0.2.x86_64
    samba-winbind-4.17.5-0.amzn2023.0.2.x86_64
    samba-4.17.5-0.amzn2023.0.2.x86_64
    samba-winbind-modules-debuginfo-4.17.5-0.amzn2023.0.2.x86_64
    python3-samba-test-4.17.5-0.amzn2023.0.2.x86_64
    samba-common-tools-4.17.5-0.amzn2023.0.2.x86_64
    samba-winbind-clients-4.17.5-0.amzn2023.0.2.x86_64
    samba-common-libs-4.17.5-0.amzn2023.0.2.x86_64
    samba-debugsource-4.17.5-0.amzn2023.0.2.x86_64
    samba-dcerpc-4.17.5-0.amzn2023.0.2.x86_64
    samba-common-tools-debuginfo-4.17.5-0.amzn2023.0.2.x86_64
    libnetapi-4.17.5-0.amzn2023.0.2.x86_64
    samba-test-libs-debuginfo-4.17.5-0.amzn2023.0.2.x86_64
    samba-dcerpc-debuginfo-4.17.5-0.amzn2023.0.2.x86_64
    libsmbclient-devel-4.17.5-0.amzn2023.0.2.x86_64
    samba-libs-debuginfo-4.17.5-0.amzn2023.0.2.x86_64
    libsmbclient-debuginfo-4.17.5-0.amzn2023.0.2.x86_64
    samba-winbind-modules-4.17.5-0.amzn2023.0.2.x86_64
    python3-samba-debuginfo-4.17.5-0.amzn2023.0.2.x86_64
    libnetapi-debuginfo-4.17.5-0.amzn2023.0.2.x86_64
    samba-common-libs-debuginfo-4.17.5-0.amzn2023.0.2.x86_64
    samba-winbind-debuginfo-4.17.5-0.amzn2023.0.2.x86_64
    samba-devel-4.17.5-0.amzn2023.0.2.x86_64
    samba-client-libs-debuginfo-4.17.5-0.amzn2023.0.2.x86_64
    samba-client-libs-4.17.5-0.amzn2023.0.2.x86_64
    samba-libs-4.17.5-0.amzn2023.0.2.x86_64
    samba-test-4.17.5-0.amzn2023.0.2.x86_64
    samba-winbind-krb5-locator-debuginfo-4.17.5-0.amzn2023.0.2.x86_64
    samba-test-libs-4.17.5-0.amzn2023.0.2.x86_64
    samba-dc-libs-debuginfo-4.17.5-0.amzn2023.0.2.x86_64
    samba-ldb-ldap-modules-debuginfo-4.17.5-0.amzn2023.0.2.x86_64
    libnetapi-devel-4.17.5-0.amzn2023.0.2.x86_64
    samba-vfs-iouring-debuginfo-4.17.5-0.amzn2023.0.2.x86_64
    libwbclient-4.17.5-0.amzn2023.0.2.x86_64
    libwbclient-devel-4.17.5-0.amzn2023.0.2.x86_64
    samba-dc-libs-4.17.5-0.amzn2023.0.2.x86_64
    samba-ldb-ldap-modules-4.17.5-0.amzn2023.0.2.x86_64
    samba-winbind-krb5-locator-4.17.5-0.amzn2023.0.2.x86_64
    samba-krb5-printing-debuginfo-4.17.5-0.amzn2023.0.2.x86_64
    samba-vfs-iouring-4.17.5-0.amzn2023.0.2.x86_64
    python3-samba-devel-4.17.5-0.amzn2023.0.2.x86_64
    samba-usershares-4.17.5-0.amzn2023.0.2.x86_64
    samba-krb5-printing-4.17.5-0.amzn2023.0.2.x86_64

Vulnerable software versions

Amazon Linux AMI: All versions

samba: before 4.17.5-0

External links

http://alas.aws.amazon.com/AL2023/ALAS-2023-032.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

12) UNIX symbolic link following

EUVDB-ID: #VU68700

Risk: Medium

CVSSv3.1: 4 [CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-3592

CWE-ID: CWE-61 - UNIX Symbolic Link (Symlink) Following

Exploit availability: No

Description

The vulnerability allows a remote user to escalate privileges on the system.

The vulnerability exists due to a symlink following issue. A remote user with access to the exported part of the file system under a share via SMB1 unix extensions or NFS can create symlinks to files outside of the share path configured for smbd and access otherwise restricted files on the server.

Mitigation

Update the affected packages:

aarch64:
    samba-vfs-iouring-debuginfo-4.17.5-0.amzn2023.0.2.aarch64
    libnetapi-devel-4.17.5-0.amzn2023.0.2.aarch64
    samba-dcerpc-debuginfo-4.17.5-0.amzn2023.0.2.aarch64
    samba-common-libs-4.17.5-0.amzn2023.0.2.aarch64
    samba-winbind-modules-4.17.5-0.amzn2023.0.2.aarch64
    samba-common-libs-debuginfo-4.17.5-0.amzn2023.0.2.aarch64
    samba-ldb-ldap-modules-4.17.5-0.amzn2023.0.2.aarch64
    samba-test-libs-debuginfo-4.17.5-0.amzn2023.0.2.aarch64
    python3-samba-debuginfo-4.17.5-0.amzn2023.0.2.aarch64
    libsmbclient-debuginfo-4.17.5-0.amzn2023.0.2.aarch64
    python3-samba-test-4.17.5-0.amzn2023.0.2.aarch64
    samba-devel-4.17.5-0.amzn2023.0.2.aarch64
    samba-vfs-iouring-4.17.5-0.amzn2023.0.2.aarch64
    samba-common-tools-4.17.5-0.amzn2023.0.2.aarch64
    samba-test-debuginfo-4.17.5-0.amzn2023.0.2.aarch64
    libnetapi-4.17.5-0.amzn2023.0.2.aarch64
    samba-client-libs-debuginfo-4.17.5-0.amzn2023.0.2.aarch64
    samba-common-tools-debuginfo-4.17.5-0.amzn2023.0.2.aarch64
    libsmbclient-4.17.5-0.amzn2023.0.2.aarch64
    libwbclient-debuginfo-4.17.5-0.amzn2023.0.2.aarch64
    samba-debugsource-4.17.5-0.amzn2023.0.2.aarch64
    libwbclient-4.17.5-0.amzn2023.0.2.aarch64
    samba-winbind-clients-4.17.5-0.amzn2023.0.2.aarch64
    samba-winbind-debuginfo-4.17.5-0.amzn2023.0.2.aarch64
    samba-winbind-clients-debuginfo-4.17.5-0.amzn2023.0.2.aarch64
    samba-dc-libs-4.17.5-0.amzn2023.0.2.aarch64
    samba-libs-4.17.5-0.amzn2023.0.2.aarch64
    samba-winbind-modules-debuginfo-4.17.5-0.amzn2023.0.2.aarch64
    python3-samba-4.17.5-0.amzn2023.0.2.aarch64
    samba-client-libs-4.17.5-0.amzn2023.0.2.aarch64
    samba-libs-debuginfo-4.17.5-0.amzn2023.0.2.aarch64
    samba-test-4.17.5-0.amzn2023.0.2.aarch64
    samba-debuginfo-4.17.5-0.amzn2023.0.2.aarch64
    samba-dcerpc-4.17.5-0.amzn2023.0.2.aarch64
    samba-client-debuginfo-4.17.5-0.amzn2023.0.2.aarch64
    samba-dc-libs-debuginfo-4.17.5-0.amzn2023.0.2.aarch64
    samba-ldb-ldap-modules-debuginfo-4.17.5-0.amzn2023.0.2.aarch64
    libsmbclient-devel-4.17.5-0.amzn2023.0.2.aarch64
    samba-krb5-printing-4.17.5-0.amzn2023.0.2.aarch64
    samba-client-4.17.5-0.amzn2023.0.2.aarch64
    samba-winbind-krb5-locator-4.17.5-0.amzn2023.0.2.aarch64
    samba-4.17.5-0.amzn2023.0.2.aarch64
    samba-winbind-4.17.5-0.amzn2023.0.2.aarch64
    samba-test-libs-4.17.5-0.amzn2023.0.2.aarch64
    libnetapi-debuginfo-4.17.5-0.amzn2023.0.2.aarch64
    samba-winbind-krb5-locator-debuginfo-4.17.5-0.amzn2023.0.2.aarch64
    libwbclient-devel-4.17.5-0.amzn2023.0.2.aarch64
    samba-krb5-printing-debuginfo-4.17.5-0.amzn2023.0.2.aarch64
    python3-samba-devel-4.17.5-0.amzn2023.0.2.aarch64
    samba-usershares-4.17.5-0.amzn2023.0.2.aarch64

noarch:
    samba-common-4.17.5-0.amzn2023.0.2.noarch
    samba-pidl-4.17.5-0.amzn2023.0.2.noarch

src:
    samba-4.17.5-0.amzn2023.0.2.src

x86_64:
    libwbclient-debuginfo-4.17.5-0.amzn2023.0.2.x86_64
    libsmbclient-4.17.5-0.amzn2023.0.2.x86_64
    python3-samba-4.17.5-0.amzn2023.0.2.x86_64
    samba-test-debuginfo-4.17.5-0.amzn2023.0.2.x86_64
    samba-winbind-clients-debuginfo-4.17.5-0.amzn2023.0.2.x86_64
    samba-client-4.17.5-0.amzn2023.0.2.x86_64
    samba-client-debuginfo-4.17.5-0.amzn2023.0.2.x86_64
    samba-debuginfo-4.17.5-0.amzn2023.0.2.x86_64
    samba-winbind-4.17.5-0.amzn2023.0.2.x86_64
    samba-4.17.5-0.amzn2023.0.2.x86_64
    samba-winbind-modules-debuginfo-4.17.5-0.amzn2023.0.2.x86_64
    python3-samba-test-4.17.5-0.amzn2023.0.2.x86_64
    samba-common-tools-4.17.5-0.amzn2023.0.2.x86_64
    samba-winbind-clients-4.17.5-0.amzn2023.0.2.x86_64
    samba-common-libs-4.17.5-0.amzn2023.0.2.x86_64
    samba-debugsource-4.17.5-0.amzn2023.0.2.x86_64
    samba-dcerpc-4.17.5-0.amzn2023.0.2.x86_64
    samba-common-tools-debuginfo-4.17.5-0.amzn2023.0.2.x86_64
    libnetapi-4.17.5-0.amzn2023.0.2.x86_64
    samba-test-libs-debuginfo-4.17.5-0.amzn2023.0.2.x86_64
    samba-dcerpc-debuginfo-4.17.5-0.amzn2023.0.2.x86_64
    libsmbclient-devel-4.17.5-0.amzn2023.0.2.x86_64
    samba-libs-debuginfo-4.17.5-0.amzn2023.0.2.x86_64
    libsmbclient-debuginfo-4.17.5-0.amzn2023.0.2.x86_64
    samba-winbind-modules-4.17.5-0.amzn2023.0.2.x86_64
    python3-samba-debuginfo-4.17.5-0.amzn2023.0.2.x86_64
    libnetapi-debuginfo-4.17.5-0.amzn2023.0.2.x86_64
    samba-common-libs-debuginfo-4.17.5-0.amzn2023.0.2.x86_64
    samba-winbind-debuginfo-4.17.5-0.amzn2023.0.2.x86_64
    samba-devel-4.17.5-0.amzn2023.0.2.x86_64
    samba-client-libs-debuginfo-4.17.5-0.amzn2023.0.2.x86_64
    samba-client-libs-4.17.5-0.amzn2023.0.2.x86_64
    samba-libs-4.17.5-0.amzn2023.0.2.x86_64
    samba-test-4.17.5-0.amzn2023.0.2.x86_64
    samba-winbind-krb5-locator-debuginfo-4.17.5-0.amzn2023.0.2.x86_64
    samba-test-libs-4.17.5-0.amzn2023.0.2.x86_64
    samba-dc-libs-debuginfo-4.17.5-0.amzn2023.0.2.x86_64
    samba-ldb-ldap-modules-debuginfo-4.17.5-0.amzn2023.0.2.x86_64
    libnetapi-devel-4.17.5-0.amzn2023.0.2.x86_64
    samba-vfs-iouring-debuginfo-4.17.5-0.amzn2023.0.2.x86_64
    libwbclient-4.17.5-0.amzn2023.0.2.x86_64
    libwbclient-devel-4.17.5-0.amzn2023.0.2.x86_64
    samba-dc-libs-4.17.5-0.amzn2023.0.2.x86_64
    samba-ldb-ldap-modules-4.17.5-0.amzn2023.0.2.x86_64
    samba-winbind-krb5-locator-4.17.5-0.amzn2023.0.2.x86_64
    samba-krb5-printing-debuginfo-4.17.5-0.amzn2023.0.2.x86_64
    samba-vfs-iouring-4.17.5-0.amzn2023.0.2.x86_64
    python3-samba-devel-4.17.5-0.amzn2023.0.2.x86_64
    samba-usershares-4.17.5-0.amzn2023.0.2.x86_64
    samba-krb5-printing-4.17.5-0.amzn2023.0.2.x86_64

Vulnerable software versions

Amazon Linux AMI: All versions

samba: before 4.17.5-0

External links

http://alas.aws.amazon.com/AL2023/ALAS-2023-032.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the local network (LAN).

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

13) Permissions, Privileges, and Access Controls

EUVDB-ID: #VU69094

Risk: High

CVSSv3.1: 7.1 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-37966

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a remote attacker to escalate privileges on the system.

The vulnerability exists because the application does not properly impose security restrictions in Windows Kerberos RC4-HMAC. A remote attacker can conduct a man-in-the-middle (MitM) attack, which leads to a security restrictions bypass and privilege escalation.

Mitigation

Update the affected packages:

aarch64:
    samba-vfs-iouring-debuginfo-4.17.5-0.amzn2023.0.2.aarch64
    libnetapi-devel-4.17.5-0.amzn2023.0.2.aarch64
    samba-dcerpc-debuginfo-4.17.5-0.amzn2023.0.2.aarch64
    samba-common-libs-4.17.5-0.amzn2023.0.2.aarch64
    samba-winbind-modules-4.17.5-0.amzn2023.0.2.aarch64
    samba-common-libs-debuginfo-4.17.5-0.amzn2023.0.2.aarch64
    samba-ldb-ldap-modules-4.17.5-0.amzn2023.0.2.aarch64
    samba-test-libs-debuginfo-4.17.5-0.amzn2023.0.2.aarch64
    python3-samba-debuginfo-4.17.5-0.amzn2023.0.2.aarch64
    libsmbclient-debuginfo-4.17.5-0.amzn2023.0.2.aarch64
    python3-samba-test-4.17.5-0.amzn2023.0.2.aarch64
    samba-devel-4.17.5-0.amzn2023.0.2.aarch64
    samba-vfs-iouring-4.17.5-0.amzn2023.0.2.aarch64
    samba-common-tools-4.17.5-0.amzn2023.0.2.aarch64
    samba-test-debuginfo-4.17.5-0.amzn2023.0.2.aarch64
    libnetapi-4.17.5-0.amzn2023.0.2.aarch64
    samba-client-libs-debuginfo-4.17.5-0.amzn2023.0.2.aarch64
    samba-common-tools-debuginfo-4.17.5-0.amzn2023.0.2.aarch64
    libsmbclient-4.17.5-0.amzn2023.0.2.aarch64
    libwbclient-debuginfo-4.17.5-0.amzn2023.0.2.aarch64
    samba-debugsource-4.17.5-0.amzn2023.0.2.aarch64
    libwbclient-4.17.5-0.amzn2023.0.2.aarch64
    samba-winbind-clients-4.17.5-0.amzn2023.0.2.aarch64
    samba-winbind-debuginfo-4.17.5-0.amzn2023.0.2.aarch64
    samba-winbind-clients-debuginfo-4.17.5-0.amzn2023.0.2.aarch64
    samba-dc-libs-4.17.5-0.amzn2023.0.2.aarch64
    samba-libs-4.17.5-0.amzn2023.0.2.aarch64
    samba-winbind-modules-debuginfo-4.17.5-0.amzn2023.0.2.aarch64
    python3-samba-4.17.5-0.amzn2023.0.2.aarch64
    samba-client-libs-4.17.5-0.amzn2023.0.2.aarch64
    samba-libs-debuginfo-4.17.5-0.amzn2023.0.2.aarch64
    samba-test-4.17.5-0.amzn2023.0.2.aarch64
    samba-debuginfo-4.17.5-0.amzn2023.0.2.aarch64
    samba-dcerpc-4.17.5-0.amzn2023.0.2.aarch64
    samba-client-debuginfo-4.17.5-0.amzn2023.0.2.aarch64
    samba-dc-libs-debuginfo-4.17.5-0.amzn2023.0.2.aarch64
    samba-ldb-ldap-modules-debuginfo-4.17.5-0.amzn2023.0.2.aarch64
    libsmbclient-devel-4.17.5-0.amzn2023.0.2.aarch64
    samba-krb5-printing-4.17.5-0.amzn2023.0.2.aarch64
    samba-client-4.17.5-0.amzn2023.0.2.aarch64
    samba-winbind-krb5-locator-4.17.5-0.amzn2023.0.2.aarch64
    samba-4.17.5-0.amzn2023.0.2.aarch64
    samba-winbind-4.17.5-0.amzn2023.0.2.aarch64
    samba-test-libs-4.17.5-0.amzn2023.0.2.aarch64
    libnetapi-debuginfo-4.17.5-0.amzn2023.0.2.aarch64
    samba-winbind-krb5-locator-debuginfo-4.17.5-0.amzn2023.0.2.aarch64
    libwbclient-devel-4.17.5-0.amzn2023.0.2.aarch64
    samba-krb5-printing-debuginfo-4.17.5-0.amzn2023.0.2.aarch64
    python3-samba-devel-4.17.5-0.amzn2023.0.2.aarch64
    samba-usershares-4.17.5-0.amzn2023.0.2.aarch64

noarch:
    samba-common-4.17.5-0.amzn2023.0.2.noarch
    samba-pidl-4.17.5-0.amzn2023.0.2.noarch

src:
    samba-4.17.5-0.amzn2023.0.2.src

x86_64:
    libwbclient-debuginfo-4.17.5-0.amzn2023.0.2.x86_64
    libsmbclient-4.17.5-0.amzn2023.0.2.x86_64
    python3-samba-4.17.5-0.amzn2023.0.2.x86_64
    samba-test-debuginfo-4.17.5-0.amzn2023.0.2.x86_64
    samba-winbind-clients-debuginfo-4.17.5-0.amzn2023.0.2.x86_64
    samba-client-4.17.5-0.amzn2023.0.2.x86_64
    samba-client-debuginfo-4.17.5-0.amzn2023.0.2.x86_64
    samba-debuginfo-4.17.5-0.amzn2023.0.2.x86_64
    samba-winbind-4.17.5-0.amzn2023.0.2.x86_64
    samba-4.17.5-0.amzn2023.0.2.x86_64
    samba-winbind-modules-debuginfo-4.17.5-0.amzn2023.0.2.x86_64
    python3-samba-test-4.17.5-0.amzn2023.0.2.x86_64
    samba-common-tools-4.17.5-0.amzn2023.0.2.x86_64
    samba-winbind-clients-4.17.5-0.amzn2023.0.2.x86_64
    samba-common-libs-4.17.5-0.amzn2023.0.2.x86_64
    samba-debugsource-4.17.5-0.amzn2023.0.2.x86_64
    samba-dcerpc-4.17.5-0.amzn2023.0.2.x86_64
    samba-common-tools-debuginfo-4.17.5-0.amzn2023.0.2.x86_64
    libnetapi-4.17.5-0.amzn2023.0.2.x86_64
    samba-test-libs-debuginfo-4.17.5-0.amzn2023.0.2.x86_64
    samba-dcerpc-debuginfo-4.17.5-0.amzn2023.0.2.x86_64
    libsmbclient-devel-4.17.5-0.amzn2023.0.2.x86_64
    samba-libs-debuginfo-4.17.5-0.amzn2023.0.2.x86_64
    libsmbclient-debuginfo-4.17.5-0.amzn2023.0.2.x86_64
    samba-winbind-modules-4.17.5-0.amzn2023.0.2.x86_64
    python3-samba-debuginfo-4.17.5-0.amzn2023.0.2.x86_64
    libnetapi-debuginfo-4.17.5-0.amzn2023.0.2.x86_64
    samba-common-libs-debuginfo-4.17.5-0.amzn2023.0.2.x86_64
    samba-winbind-debuginfo-4.17.5-0.amzn2023.0.2.x86_64
    samba-devel-4.17.5-0.amzn2023.0.2.x86_64
    samba-client-libs-debuginfo-4.17.5-0.amzn2023.0.2.x86_64
    samba-client-libs-4.17.5-0.amzn2023.0.2.x86_64
    samba-libs-4.17.5-0.amzn2023.0.2.x86_64
    samba-test-4.17.5-0.amzn2023.0.2.x86_64
    samba-winbind-krb5-locator-debuginfo-4.17.5-0.amzn2023.0.2.x86_64
    samba-test-libs-4.17.5-0.amzn2023.0.2.x86_64
    samba-dc-libs-debuginfo-4.17.5-0.amzn2023.0.2.x86_64
    samba-ldb-ldap-modules-debuginfo-4.17.5-0.amzn2023.0.2.x86_64
    libnetapi-devel-4.17.5-0.amzn2023.0.2.x86_64
    samba-vfs-iouring-debuginfo-4.17.5-0.amzn2023.0.2.x86_64
    libwbclient-4.17.5-0.amzn2023.0.2.x86_64
    libwbclient-devel-4.17.5-0.amzn2023.0.2.x86_64
    samba-dc-libs-4.17.5-0.amzn2023.0.2.x86_64
    samba-ldb-ldap-modules-4.17.5-0.amzn2023.0.2.x86_64
    samba-winbind-krb5-locator-4.17.5-0.amzn2023.0.2.x86_64
    samba-krb5-printing-debuginfo-4.17.5-0.amzn2023.0.2.x86_64
    samba-vfs-iouring-4.17.5-0.amzn2023.0.2.x86_64
    python3-samba-devel-4.17.5-0.amzn2023.0.2.x86_64
    samba-usershares-4.17.5-0.amzn2023.0.2.x86_64
    samba-krb5-printing-4.17.5-0.amzn2023.0.2.x86_64

Vulnerable software versions

Amazon Linux AMI: All versions

samba: before 4.17.5-0

External links

http://alas.aws.amazon.com/AL2023/ALAS-2023-032.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

14) Permissions, Privileges, and Access Controls

EUVDB-ID: #VU69104

Risk: Low

CVSSv3.1: 6.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-37967

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a remote administrator to escalate privileges on the system.

The vulnerability exists because the application does not properly impose security restrictions in Kerberos, which leads to a security restrictions bypass and privilege escalation.

Mitigation

Update the affected packages:

aarch64:
    samba-vfs-iouring-debuginfo-4.17.5-0.amzn2023.0.2.aarch64
    libnetapi-devel-4.17.5-0.amzn2023.0.2.aarch64
    samba-dcerpc-debuginfo-4.17.5-0.amzn2023.0.2.aarch64
    samba-common-libs-4.17.5-0.amzn2023.0.2.aarch64
    samba-winbind-modules-4.17.5-0.amzn2023.0.2.aarch64
    samba-common-libs-debuginfo-4.17.5-0.amzn2023.0.2.aarch64
    samba-ldb-ldap-modules-4.17.5-0.amzn2023.0.2.aarch64
    samba-test-libs-debuginfo-4.17.5-0.amzn2023.0.2.aarch64
    python3-samba-debuginfo-4.17.5-0.amzn2023.0.2.aarch64
    libsmbclient-debuginfo-4.17.5-0.amzn2023.0.2.aarch64
    python3-samba-test-4.17.5-0.amzn2023.0.2.aarch64
    samba-devel-4.17.5-0.amzn2023.0.2.aarch64
    samba-vfs-iouring-4.17.5-0.amzn2023.0.2.aarch64
    samba-common-tools-4.17.5-0.amzn2023.0.2.aarch64
    samba-test-debuginfo-4.17.5-0.amzn2023.0.2.aarch64
    libnetapi-4.17.5-0.amzn2023.0.2.aarch64
    samba-client-libs-debuginfo-4.17.5-0.amzn2023.0.2.aarch64
    samba-common-tools-debuginfo-4.17.5-0.amzn2023.0.2.aarch64
    libsmbclient-4.17.5-0.amzn2023.0.2.aarch64
    libwbclient-debuginfo-4.17.5-0.amzn2023.0.2.aarch64
    samba-debugsource-4.17.5-0.amzn2023.0.2.aarch64
    libwbclient-4.17.5-0.amzn2023.0.2.aarch64
    samba-winbind-clients-4.17.5-0.amzn2023.0.2.aarch64
    samba-winbind-debuginfo-4.17.5-0.amzn2023.0.2.aarch64
    samba-winbind-clients-debuginfo-4.17.5-0.amzn2023.0.2.aarch64
    samba-dc-libs-4.17.5-0.amzn2023.0.2.aarch64
    samba-libs-4.17.5-0.amzn2023.0.2.aarch64
    samba-winbind-modules-debuginfo-4.17.5-0.amzn2023.0.2.aarch64
    python3-samba-4.17.5-0.amzn2023.0.2.aarch64
    samba-client-libs-4.17.5-0.amzn2023.0.2.aarch64
    samba-libs-debuginfo-4.17.5-0.amzn2023.0.2.aarch64
    samba-test-4.17.5-0.amzn2023.0.2.aarch64
    samba-debuginfo-4.17.5-0.amzn2023.0.2.aarch64
    samba-dcerpc-4.17.5-0.amzn2023.0.2.aarch64
    samba-client-debuginfo-4.17.5-0.amzn2023.0.2.aarch64
    samba-dc-libs-debuginfo-4.17.5-0.amzn2023.0.2.aarch64
    samba-ldb-ldap-modules-debuginfo-4.17.5-0.amzn2023.0.2.aarch64
    libsmbclient-devel-4.17.5-0.amzn2023.0.2.aarch64
    samba-krb5-printing-4.17.5-0.amzn2023.0.2.aarch64
    samba-client-4.17.5-0.amzn2023.0.2.aarch64
    samba-winbind-krb5-locator-4.17.5-0.amzn2023.0.2.aarch64
    samba-4.17.5-0.amzn2023.0.2.aarch64
    samba-winbind-4.17.5-0.amzn2023.0.2.aarch64
    samba-test-libs-4.17.5-0.amzn2023.0.2.aarch64
    libnetapi-debuginfo-4.17.5-0.amzn2023.0.2.aarch64
    samba-winbind-krb5-locator-debuginfo-4.17.5-0.amzn2023.0.2.aarch64
    libwbclient-devel-4.17.5-0.amzn2023.0.2.aarch64
    samba-krb5-printing-debuginfo-4.17.5-0.amzn2023.0.2.aarch64
    python3-samba-devel-4.17.5-0.amzn2023.0.2.aarch64
    samba-usershares-4.17.5-0.amzn2023.0.2.aarch64

noarch:
    samba-common-4.17.5-0.amzn2023.0.2.noarch
    samba-pidl-4.17.5-0.amzn2023.0.2.noarch

src:
    samba-4.17.5-0.amzn2023.0.2.src

x86_64:
    libwbclient-debuginfo-4.17.5-0.amzn2023.0.2.x86_64
    libsmbclient-4.17.5-0.amzn2023.0.2.x86_64
    python3-samba-4.17.5-0.amzn2023.0.2.x86_64
    samba-test-debuginfo-4.17.5-0.amzn2023.0.2.x86_64
    samba-winbind-clients-debuginfo-4.17.5-0.amzn2023.0.2.x86_64
    samba-client-4.17.5-0.amzn2023.0.2.x86_64
    samba-client-debuginfo-4.17.5-0.amzn2023.0.2.x86_64
    samba-debuginfo-4.17.5-0.amzn2023.0.2.x86_64
    samba-winbind-4.17.5-0.amzn2023.0.2.x86_64
    samba-4.17.5-0.amzn2023.0.2.x86_64
    samba-winbind-modules-debuginfo-4.17.5-0.amzn2023.0.2.x86_64
    python3-samba-test-4.17.5-0.amzn2023.0.2.x86_64
    samba-common-tools-4.17.5-0.amzn2023.0.2.x86_64
    samba-winbind-clients-4.17.5-0.amzn2023.0.2.x86_64
    samba-common-libs-4.17.5-0.amzn2023.0.2.x86_64
    samba-debugsource-4.17.5-0.amzn2023.0.2.x86_64
    samba-dcerpc-4.17.5-0.amzn2023.0.2.x86_64
    samba-common-tools-debuginfo-4.17.5-0.amzn2023.0.2.x86_64
    libnetapi-4.17.5-0.amzn2023.0.2.x86_64
    samba-test-libs-debuginfo-4.17.5-0.amzn2023.0.2.x86_64
    samba-dcerpc-debuginfo-4.17.5-0.amzn2023.0.2.x86_64
    libsmbclient-devel-4.17.5-0.amzn2023.0.2.x86_64
    samba-libs-debuginfo-4.17.5-0.amzn2023.0.2.x86_64
    libsmbclient-debuginfo-4.17.5-0.amzn2023.0.2.x86_64
    samba-winbind-modules-4.17.5-0.amzn2023.0.2.x86_64
    python3-samba-debuginfo-4.17.5-0.amzn2023.0.2.x86_64
    libnetapi-debuginfo-4.17.5-0.amzn2023.0.2.x86_64
    samba-common-libs-debuginfo-4.17.5-0.amzn2023.0.2.x86_64
    samba-winbind-debuginfo-4.17.5-0.amzn2023.0.2.x86_64
    samba-devel-4.17.5-0.amzn2023.0.2.x86_64
    samba-client-libs-debuginfo-4.17.5-0.amzn2023.0.2.x86_64
    samba-client-libs-4.17.5-0.amzn2023.0.2.x86_64
    samba-libs-4.17.5-0.amzn2023.0.2.x86_64
    samba-test-4.17.5-0.amzn2023.0.2.x86_64
    samba-winbind-krb5-locator-debuginfo-4.17.5-0.amzn2023.0.2.x86_64
    samba-test-libs-4.17.5-0.amzn2023.0.2.x86_64
    samba-dc-libs-debuginfo-4.17.5-0.amzn2023.0.2.x86_64
    samba-ldb-ldap-modules-debuginfo-4.17.5-0.amzn2023.0.2.x86_64
    libnetapi-devel-4.17.5-0.amzn2023.0.2.x86_64
    samba-vfs-iouring-debuginfo-4.17.5-0.amzn2023.0.2.x86_64
    libwbclient-4.17.5-0.amzn2023.0.2.x86_64
    libwbclient-devel-4.17.5-0.amzn2023.0.2.x86_64
    samba-dc-libs-4.17.5-0.amzn2023.0.2.x86_64
    samba-ldb-ldap-modules-4.17.5-0.amzn2023.0.2.x86_64
    samba-winbind-krb5-locator-4.17.5-0.amzn2023.0.2.x86_64
    samba-krb5-printing-debuginfo-4.17.5-0.amzn2023.0.2.x86_64
    samba-vfs-iouring-4.17.5-0.amzn2023.0.2.x86_64
    python3-samba-devel-4.17.5-0.amzn2023.0.2.x86_64
    samba-usershares-4.17.5-0.amzn2023.0.2.x86_64
    samba-krb5-printing-4.17.5-0.amzn2023.0.2.x86_64

Vulnerable software versions

Amazon Linux AMI: All versions

samba: before 4.17.5-0

External links

http://alas.aws.amazon.com/AL2023/ALAS-2023-032.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

15) Use of a broken or risky cryptographic algorithm

EUVDB-ID: #VU69151

Risk: High

CVSSv3.1: 7.1 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-38023

CWE-ID: CWE-254 - Security Features

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists due to a security feature bypass in Netlogon RPC. A remote attacker can bypass the Netlogon cryptography feature for signing and sealing traffic during Netlogon authentication.

Mitigation

Update the affected packages:

aarch64:
    samba-vfs-iouring-debuginfo-4.17.5-0.amzn2023.0.2.aarch64
    libnetapi-devel-4.17.5-0.amzn2023.0.2.aarch64
    samba-dcerpc-debuginfo-4.17.5-0.amzn2023.0.2.aarch64
    samba-common-libs-4.17.5-0.amzn2023.0.2.aarch64
    samba-winbind-modules-4.17.5-0.amzn2023.0.2.aarch64
    samba-common-libs-debuginfo-4.17.5-0.amzn2023.0.2.aarch64
    samba-ldb-ldap-modules-4.17.5-0.amzn2023.0.2.aarch64
    samba-test-libs-debuginfo-4.17.5-0.amzn2023.0.2.aarch64
    python3-samba-debuginfo-4.17.5-0.amzn2023.0.2.aarch64
    libsmbclient-debuginfo-4.17.5-0.amzn2023.0.2.aarch64
    python3-samba-test-4.17.5-0.amzn2023.0.2.aarch64
    samba-devel-4.17.5-0.amzn2023.0.2.aarch64
    samba-vfs-iouring-4.17.5-0.amzn2023.0.2.aarch64
    samba-common-tools-4.17.5-0.amzn2023.0.2.aarch64
    samba-test-debuginfo-4.17.5-0.amzn2023.0.2.aarch64
    libnetapi-4.17.5-0.amzn2023.0.2.aarch64
    samba-client-libs-debuginfo-4.17.5-0.amzn2023.0.2.aarch64
    samba-common-tools-debuginfo-4.17.5-0.amzn2023.0.2.aarch64
    libsmbclient-4.17.5-0.amzn2023.0.2.aarch64
    libwbclient-debuginfo-4.17.5-0.amzn2023.0.2.aarch64
    samba-debugsource-4.17.5-0.amzn2023.0.2.aarch64
    libwbclient-4.17.5-0.amzn2023.0.2.aarch64
    samba-winbind-clients-4.17.5-0.amzn2023.0.2.aarch64
    samba-winbind-debuginfo-4.17.5-0.amzn2023.0.2.aarch64
    samba-winbind-clients-debuginfo-4.17.5-0.amzn2023.0.2.aarch64
    samba-dc-libs-4.17.5-0.amzn2023.0.2.aarch64
    samba-libs-4.17.5-0.amzn2023.0.2.aarch64
    samba-winbind-modules-debuginfo-4.17.5-0.amzn2023.0.2.aarch64
    python3-samba-4.17.5-0.amzn2023.0.2.aarch64
    samba-client-libs-4.17.5-0.amzn2023.0.2.aarch64
    samba-libs-debuginfo-4.17.5-0.amzn2023.0.2.aarch64
    samba-test-4.17.5-0.amzn2023.0.2.aarch64
    samba-debuginfo-4.17.5-0.amzn2023.0.2.aarch64
    samba-dcerpc-4.17.5-0.amzn2023.0.2.aarch64
    samba-client-debuginfo-4.17.5-0.amzn2023.0.2.aarch64
    samba-dc-libs-debuginfo-4.17.5-0.amzn2023.0.2.aarch64
    samba-ldb-ldap-modules-debuginfo-4.17.5-0.amzn2023.0.2.aarch64
    libsmbclient-devel-4.17.5-0.amzn2023.0.2.aarch64
    samba-krb5-printing-4.17.5-0.amzn2023.0.2.aarch64
    samba-client-4.17.5-0.amzn2023.0.2.aarch64
    samba-winbind-krb5-locator-4.17.5-0.amzn2023.0.2.aarch64
    samba-4.17.5-0.amzn2023.0.2.aarch64
    samba-winbind-4.17.5-0.amzn2023.0.2.aarch64
    samba-test-libs-4.17.5-0.amzn2023.0.2.aarch64
    libnetapi-debuginfo-4.17.5-0.amzn2023.0.2.aarch64
    samba-winbind-krb5-locator-debuginfo-4.17.5-0.amzn2023.0.2.aarch64
    libwbclient-devel-4.17.5-0.amzn2023.0.2.aarch64
    samba-krb5-printing-debuginfo-4.17.5-0.amzn2023.0.2.aarch64
    python3-samba-devel-4.17.5-0.amzn2023.0.2.aarch64
    samba-usershares-4.17.5-0.amzn2023.0.2.aarch64

noarch:
    samba-common-4.17.5-0.amzn2023.0.2.noarch
    samba-pidl-4.17.5-0.amzn2023.0.2.noarch

src:
    samba-4.17.5-0.amzn2023.0.2.src

x86_64:
    libwbclient-debuginfo-4.17.5-0.amzn2023.0.2.x86_64
    libsmbclient-4.17.5-0.amzn2023.0.2.x86_64
    python3-samba-4.17.5-0.amzn2023.0.2.x86_64
    samba-test-debuginfo-4.17.5-0.amzn2023.0.2.x86_64
    samba-winbind-clients-debuginfo-4.17.5-0.amzn2023.0.2.x86_64
    samba-client-4.17.5-0.amzn2023.0.2.x86_64
    samba-client-debuginfo-4.17.5-0.amzn2023.0.2.x86_64
    samba-debuginfo-4.17.5-0.amzn2023.0.2.x86_64
    samba-winbind-4.17.5-0.amzn2023.0.2.x86_64
    samba-4.17.5-0.amzn2023.0.2.x86_64
    samba-winbind-modules-debuginfo-4.17.5-0.amzn2023.0.2.x86_64
    python3-samba-test-4.17.5-0.amzn2023.0.2.x86_64
    samba-common-tools-4.17.5-0.amzn2023.0.2.x86_64
    samba-winbind-clients-4.17.5-0.amzn2023.0.2.x86_64
    samba-common-libs-4.17.5-0.amzn2023.0.2.x86_64
    samba-debugsource-4.17.5-0.amzn2023.0.2.x86_64
    samba-dcerpc-4.17.5-0.amzn2023.0.2.x86_64
    samba-common-tools-debuginfo-4.17.5-0.amzn2023.0.2.x86_64
    libnetapi-4.17.5-0.amzn2023.0.2.x86_64
    samba-test-libs-debuginfo-4.17.5-0.amzn2023.0.2.x86_64
    samba-dcerpc-debuginfo-4.17.5-0.amzn2023.0.2.x86_64
    libsmbclient-devel-4.17.5-0.amzn2023.0.2.x86_64
    samba-libs-debuginfo-4.17.5-0.amzn2023.0.2.x86_64
    libsmbclient-debuginfo-4.17.5-0.amzn2023.0.2.x86_64
    samba-winbind-modules-4.17.5-0.amzn2023.0.2.x86_64
    python3-samba-debuginfo-4.17.5-0.amzn2023.0.2.x86_64
    libnetapi-debuginfo-4.17.5-0.amzn2023.0.2.x86_64
    samba-common-libs-debuginfo-4.17.5-0.amzn2023.0.2.x86_64
    samba-winbind-debuginfo-4.17.5-0.amzn2023.0.2.x86_64
    samba-devel-4.17.5-0.amzn2023.0.2.x86_64
    samba-client-libs-debuginfo-4.17.5-0.amzn2023.0.2.x86_64
    samba-client-libs-4.17.5-0.amzn2023.0.2.x86_64
    samba-libs-4.17.5-0.amzn2023.0.2.x86_64
    samba-test-4.17.5-0.amzn2023.0.2.x86_64
    samba-winbind-krb5-locator-debuginfo-4.17.5-0.amzn2023.0.2.x86_64
    samba-test-libs-4.17.5-0.amzn2023.0.2.x86_64
    samba-dc-libs-debuginfo-4.17.5-0.amzn2023.0.2.x86_64
    samba-ldb-ldap-modules-debuginfo-4.17.5-0.amzn2023.0.2.x86_64
    libnetapi-devel-4.17.5-0.amzn2023.0.2.x86_64
    samba-vfs-iouring-debuginfo-4.17.5-0.amzn2023.0.2.x86_64
    libwbclient-4.17.5-0.amzn2023.0.2.x86_64
    libwbclient-devel-4.17.5-0.amzn2023.0.2.x86_64
    samba-dc-libs-4.17.5-0.amzn2023.0.2.x86_64
    samba-ldb-ldap-modules-4.17.5-0.amzn2023.0.2.x86_64
    samba-winbind-krb5-locator-4.17.5-0.amzn2023.0.2.x86_64
    samba-krb5-printing-debuginfo-4.17.5-0.amzn2023.0.2.x86_64
    samba-vfs-iouring-4.17.5-0.amzn2023.0.2.x86_64
    python3-samba-devel-4.17.5-0.amzn2023.0.2.x86_64
    samba-usershares-4.17.5-0.amzn2023.0.2.x86_64
    samba-krb5-printing-4.17.5-0.amzn2023.0.2.x86_64

Vulnerable software versions

Amazon Linux AMI: All versions

samba: before 4.17.5-0

External links

http://alas.aws.amazon.com/AL2023/ALAS-2023-032.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

16) Use of a broken or risky cryptographic algorithm

EUVDB-ID: #VU70384

Risk: High

CVSSv3.1: 7.1 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-45141

CWE-ID: CWE-327 - Use of a Broken or Risky Cryptographic Algorithm

Exploit availability: No

Description

The vulnerability allows a remote attacker to bypass authentication.

The vulnerability exists due to an error that allows an attacker to force the server to issue rc4-hmac encrypted tickets despite the target server supporting better encryption (e.g. aes256-cts-hmac-sha1-96). A remote attacker can perform an offline attack against the ticket encrypted with rc4-hmac and log in as a privileged user.

Mitigation

Update the affected packages:

aarch64:
    samba-vfs-iouring-debuginfo-4.17.5-0.amzn2023.0.2.aarch64
    libnetapi-devel-4.17.5-0.amzn2023.0.2.aarch64
    samba-dcerpc-debuginfo-4.17.5-0.amzn2023.0.2.aarch64
    samba-common-libs-4.17.5-0.amzn2023.0.2.aarch64
    samba-winbind-modules-4.17.5-0.amzn2023.0.2.aarch64
    samba-common-libs-debuginfo-4.17.5-0.amzn2023.0.2.aarch64
    samba-ldb-ldap-modules-4.17.5-0.amzn2023.0.2.aarch64
    samba-test-libs-debuginfo-4.17.5-0.amzn2023.0.2.aarch64
    python3-samba-debuginfo-4.17.5-0.amzn2023.0.2.aarch64
    libsmbclient-debuginfo-4.17.5-0.amzn2023.0.2.aarch64
    python3-samba-test-4.17.5-0.amzn2023.0.2.aarch64
    samba-devel-4.17.5-0.amzn2023.0.2.aarch64
    samba-vfs-iouring-4.17.5-0.amzn2023.0.2.aarch64
    samba-common-tools-4.17.5-0.amzn2023.0.2.aarch64
    samba-test-debuginfo-4.17.5-0.amzn2023.0.2.aarch64
    libnetapi-4.17.5-0.amzn2023.0.2.aarch64
    samba-client-libs-debuginfo-4.17.5-0.amzn2023.0.2.aarch64
    samba-common-tools-debuginfo-4.17.5-0.amzn2023.0.2.aarch64
    libsmbclient-4.17.5-0.amzn2023.0.2.aarch64
    libwbclient-debuginfo-4.17.5-0.amzn2023.0.2.aarch64
    samba-debugsource-4.17.5-0.amzn2023.0.2.aarch64
    libwbclient-4.17.5-0.amzn2023.0.2.aarch64
    samba-winbind-clients-4.17.5-0.amzn2023.0.2.aarch64
    samba-winbind-debuginfo-4.17.5-0.amzn2023.0.2.aarch64
    samba-winbind-clients-debuginfo-4.17.5-0.amzn2023.0.2.aarch64
    samba-dc-libs-4.17.5-0.amzn2023.0.2.aarch64
    samba-libs-4.17.5-0.amzn2023.0.2.aarch64
    samba-winbind-modules-debuginfo-4.17.5-0.amzn2023.0.2.aarch64
    python3-samba-4.17.5-0.amzn2023.0.2.aarch64
    samba-client-libs-4.17.5-0.amzn2023.0.2.aarch64
    samba-libs-debuginfo-4.17.5-0.amzn2023.0.2.aarch64
    samba-test-4.17.5-0.amzn2023.0.2.aarch64
    samba-debuginfo-4.17.5-0.amzn2023.0.2.aarch64
    samba-dcerpc-4.17.5-0.amzn2023.0.2.aarch64
    samba-client-debuginfo-4.17.5-0.amzn2023.0.2.aarch64
    samba-dc-libs-debuginfo-4.17.5-0.amzn2023.0.2.aarch64
    samba-ldb-ldap-modules-debuginfo-4.17.5-0.amzn2023.0.2.aarch64
    libsmbclient-devel-4.17.5-0.amzn2023.0.2.aarch64
    samba-krb5-printing-4.17.5-0.amzn2023.0.2.aarch64
    samba-client-4.17.5-0.amzn2023.0.2.aarch64
    samba-winbind-krb5-locator-4.17.5-0.amzn2023.0.2.aarch64
    samba-4.17.5-0.amzn2023.0.2.aarch64
    samba-winbind-4.17.5-0.amzn2023.0.2.aarch64
    samba-test-libs-4.17.5-0.amzn2023.0.2.aarch64
    libnetapi-debuginfo-4.17.5-0.amzn2023.0.2.aarch64
    samba-winbind-krb5-locator-debuginfo-4.17.5-0.amzn2023.0.2.aarch64
    libwbclient-devel-4.17.5-0.amzn2023.0.2.aarch64
    samba-krb5-printing-debuginfo-4.17.5-0.amzn2023.0.2.aarch64
    python3-samba-devel-4.17.5-0.amzn2023.0.2.aarch64
    samba-usershares-4.17.5-0.amzn2023.0.2.aarch64

noarch:
    samba-common-4.17.5-0.amzn2023.0.2.noarch
    samba-pidl-4.17.5-0.amzn2023.0.2.noarch

src:
    samba-4.17.5-0.amzn2023.0.2.src

x86_64:
    libwbclient-debuginfo-4.17.5-0.amzn2023.0.2.x86_64
    libsmbclient-4.17.5-0.amzn2023.0.2.x86_64
    python3-samba-4.17.5-0.amzn2023.0.2.x86_64
    samba-test-debuginfo-4.17.5-0.amzn2023.0.2.x86_64
    samba-winbind-clients-debuginfo-4.17.5-0.amzn2023.0.2.x86_64
    samba-client-4.17.5-0.amzn2023.0.2.x86_64
    samba-client-debuginfo-4.17.5-0.amzn2023.0.2.x86_64
    samba-debuginfo-4.17.5-0.amzn2023.0.2.x86_64
    samba-winbind-4.17.5-0.amzn2023.0.2.x86_64
    samba-4.17.5-0.amzn2023.0.2.x86_64
    samba-winbind-modules-debuginfo-4.17.5-0.amzn2023.0.2.x86_64
    python3-samba-test-4.17.5-0.amzn2023.0.2.x86_64
    samba-common-tools-4.17.5-0.amzn2023.0.2.x86_64
    samba-winbind-clients-4.17.5-0.amzn2023.0.2.x86_64
    samba-common-libs-4.17.5-0.amzn2023.0.2.x86_64
    samba-debugsource-4.17.5-0.amzn2023.0.2.x86_64
    samba-dcerpc-4.17.5-0.amzn2023.0.2.x86_64
    samba-common-tools-debuginfo-4.17.5-0.amzn2023.0.2.x86_64
    libnetapi-4.17.5-0.amzn2023.0.2.x86_64
    samba-test-libs-debuginfo-4.17.5-0.amzn2023.0.2.x86_64
    samba-dcerpc-debuginfo-4.17.5-0.amzn2023.0.2.x86_64
    libsmbclient-devel-4.17.5-0.amzn2023.0.2.x86_64
    samba-libs-debuginfo-4.17.5-0.amzn2023.0.2.x86_64
    libsmbclient-debuginfo-4.17.5-0.amzn2023.0.2.x86_64
    samba-winbind-modules-4.17.5-0.amzn2023.0.2.x86_64
    python3-samba-debuginfo-4.17.5-0.amzn2023.0.2.x86_64
    libnetapi-debuginfo-4.17.5-0.amzn2023.0.2.x86_64
    samba-common-libs-debuginfo-4.17.5-0.amzn2023.0.2.x86_64
    samba-winbind-debuginfo-4.17.5-0.amzn2023.0.2.x86_64
    samba-devel-4.17.5-0.amzn2023.0.2.x86_64
    samba-client-libs-debuginfo-4.17.5-0.amzn2023.0.2.x86_64
    samba-client-libs-4.17.5-0.amzn2023.0.2.x86_64
    samba-libs-4.17.5-0.amzn2023.0.2.x86_64
    samba-test-4.17.5-0.amzn2023.0.2.x86_64
    samba-winbind-krb5-locator-debuginfo-4.17.5-0.amzn2023.0.2.x86_64
    samba-test-libs-4.17.5-0.amzn2023.0.2.x86_64
    samba-dc-libs-debuginfo-4.17.5-0.amzn2023.0.2.x86_64
    samba-ldb-ldap-modules-debuginfo-4.17.5-0.amzn2023.0.2.x86_64
    libnetapi-devel-4.17.5-0.amzn2023.0.2.x86_64
    samba-vfs-iouring-debuginfo-4.17.5-0.amzn2023.0.2.x86_64
    libwbclient-4.17.5-0.amzn2023.0.2.x86_64
    libwbclient-devel-4.17.5-0.amzn2023.0.2.x86_64
    samba-dc-libs-4.17.5-0.amzn2023.0.2.x86_64
    samba-ldb-ldap-modules-4.17.5-0.amzn2023.0.2.x86_64
    samba-winbind-krb5-locator-4.17.5-0.amzn2023.0.2.x86_64
    samba-krb5-printing-debuginfo-4.17.5-0.amzn2023.0.2.x86_64
    samba-vfs-iouring-4.17.5-0.amzn2023.0.2.x86_64
    python3-samba-devel-4.17.5-0.amzn2023.0.2.x86_64
    samba-usershares-4.17.5-0.amzn2023.0.2.x86_64
    samba-krb5-printing-4.17.5-0.amzn2023.0.2.x86_64

Vulnerable software versions

Amazon Linux AMI: All versions

samba: before 4.17.5-0

External links

http://alas.aws.amazon.com/AL2023/ALAS-2023-032.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


