CVE-2023-3347
Published 2023-07-20
Medium, 5.9 (CVSS 3.1)
AV:N / AC:H / PR:N / UI:N / S:U / C:N / I:H / A:N
A vulnerability was found in Samba's SMB2 packet signing mechanism. The SMB2 packet signing is not enforced if an admin configured "server signing = required" or for SMB2 connections to Domain Controllers where SMB2 packet signing is mandatory. This flaw allows an attacker to perform attacks, such as a man-in-the-middle attack, by intercepting the network traffic and modifying the SMB2 messages between client and server, affecting the integrity of the data.
Affected
12 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | samba | < samba 2:4.17.10+dfsg-0+deb12u1 (bookworm) | samba 2:4.17.10+dfsg-0+deb12u1 (bookworm) |
| fedoraproject | fedora | — | — |
| redhat | enterprise_linux | — | — |
| redhat | enterprise_linux | — | — |
| redhat | storage | — | — |
| samba | samba | >= 0 < 2:4.17.10+dfsg-0+deb12u1 | 2:4.17.10+dfsg-0+deb12u1 |
| samba | samba | >= 0 < 2:4.18.5+dfsg-1 | 2:4.18.5+dfsg-1 |
| samba | samba | >= 0 < 2:4.18.5+dfsg-1 | 2:4.18.5+dfsg-1 |
| samba | samba | >= 0 < 2:4.15.13+dfsg-0ubuntu0.20.04.3 | 2:4.15.13+dfsg-0ubuntu0.20.04.3 |
| samba | samba | >= 0 < 2:4.15.13+dfsg-0ubuntu1.2 | 2:4.15.13+dfsg-0ubuntu1.2 |
| samba | samba | >= 4.17.0 < 4.17.10 | 4.17.10 |
| samba | samba | >= 4.18.0 < 4.18.5 | 4.18.5 |
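CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 5.9 | MEDIUM | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N |
| osv | | 5.9 | MEDIUM | |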