Samba Security Updates – 02 April 2023

Samba has released security updates to fix several vulnerabilities in multiple Samba versions.

The addressed vulnerabilities could allow a remote attacker to perform several attacks, such as using LDAP filters to obtain confidential BitLocker recovery keys from a Samba AD DC (caused by an insufficient fix for the confidential attribute disclosure vulnerability “CVE-2018-10919”), or deleting the “dnsHostname” attribute from any object in the directory (caused by an incomplete access check on dnsHostName).

Sample of the addressed vulnerabilities:

Samba Information Disclosure Vulnerability (CVE-2023-0614):

  • CVSS: 7.7
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: Low
  • User Interaction: None
  • Consequences: Obtain Information

Vulnerabilities

List of vulnerabilities

  • CVE-2023-0614
  • CVE-2023-0225
  • CVE-2023-0922

Mitigations

The enterprise should deploy this patch as soon as the testing phase is completed.

Samba Security Releases
