CVE-2023-4154: Out-of-bounds Write in Samba

Severity: 6.5 MEDIUM (NVD)
EPSS: 0.4% (top 39.44%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Nov 7

Description

A design flaw was found in Samba's DirSync control implementation, which exposes passwords and secrets in Active Directory to privileged users and Read-Only Domain Controllers (RODCs). This flaw allows RODCs and users possessing the GET_CHANGES right to access all attributes, including sensitive secrets and passwords. Even in a default setup, RODC DC accounts, which should only replicate some passwords, can gain access to all domain secrets, including the vital krbtgt, effectively eliminating th

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Exploitability: 2.8 | Impact: 3.6

Affected Packages (4 packages)

NVD | samba/samba | 4.0.0 | 4.17.12 | +2
debian | debian/samba | < samba 2:4.17.12+dfsg-0+deb12u1 (bookworm)
Debian | samba/samba | < 2:4.17.12+dfsg-0+deb12u1 | +2
Ubuntu | samba/samba | < 2:4.15.13+dfsg-0ubuntu0.20.04.7 | +3

Vulnerability Details (5)

GHSA | GHSA-v5f6-rpxq-xvg8: A design flaw was found in Samba's DirSync control implementation, which exposes passwords and secrets in Active Directory to privileged users and Rea | 2023-11-07
OSV | CVE-2023-4154: A design flaw was found in Samba's DirSync control implementation, which exposes passwords and secrets in Active Directory to privileged users and Rea | 2023-11-07
OSV | samba vulnerabilities | 2023-10-17
OSV | samba regression | 2023-10-11
OSV | samba vulnerabilities | 2023-10-10

Vendor Advisories (5)

Ubuntu | Samba vulnerabilities | 2023-10-17
Ubuntu | Samba regression | 2023-10-11
Ubuntu | Samba vulnerabilities | 2023-10-10
Red Hat | samba: AD DC password exposure to privileged users and RODCs | 2023-10-10
Debian | CVE-2023-4154: samba - A design flaw was found in Samba's DirSync control implementation, which exposes... | 2023