#VU74178 Permissions, Privileges, and Access Controls in Samba


Published: 2023-03-29

Vulnerability identifier: #VU74178

Vulnerability risk: Low

CVSSv3.1: 3.1 [CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-0225

CWE-ID: CWE-264

Exploitation vector: Local network

Exploit availability: No

Vulnerable software:
Samba
Server applications / Directory software, identity management

Vendor: Samba

Description

The vulnerability allows a remote user to delete certain attributes.

The vulnerability exists due to improper access restrictions. A remote unprivileged user can delete the "dnsHostname" attribute.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

Samba: 4.17.0 - 4.17.6, 4.18.0

External links
http://www.samba.org/samba/security/CVE-2023-0225.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability


Gentoo update for Samba
Fedora 37 update for libldb, samba
Fedora 38 update for libldb, samba
Fedora 39 update for libldb, samba
openEuler 22.03 LTS SP1 update for samba
SUSE update for ldb, samba
SUSE update for ldb, samba
Multiple vulnerabilities in Samba