rpm package
suse/samba&distro=SUSE Linux Enterprise Module for Basesystem 15 SP4
pkg:rpm/suse/samba&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP4
Vulnerabilities (24)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2023-4154 | — | < 4.15.13+git.691.3d3cea0641-150400.3.31.1 | 4.15.13+git.691.3d3cea0641-150400.3.31.1 | Nov 7, 2023 | A design flaw was found in Samba's DirSync control implementation, which exposes passwords and secrets in Active Directory to privileged users and Read-Only Domain Controllers (RODCs). This flaw allows RODCs and users possessing the GET_CHANGES right to access all attributes, inc | ||
| CVE-2023-42669 | — | < 4.15.13+git.691.3d3cea0641-150400.3.31.1 | 4.15.13+git.691.3d3cea0641-150400.3.31.1 | Nov 6, 2023 | A vulnerability was found in Samba's "rpcecho" development server, a non-Windows RPC server used to test Samba's DCE/RPC stack elements. This vulnerability stems from an RPC function that can be blocked indefinitely. The issue arises because the "rpcecho" service operates with on | ||
| CVE-2023-4091 | — | < 4.15.13+git.691.3d3cea0641-150400.3.31.1 | 4.15.13+git.691.3d3cea0641-150400.3.31.1 | Nov 3, 2023 | A vulnerability was discovered in Samba, where the flaw allows SMB clients to truncate files, even with read-only permissions when the Samba VFS module "acl_xattr" is configured with "acl_xattr:ignore system acls = yes". The SMB protocol allows opening files when the client reque | ||
| CVE-2023-34968 | — | < 4.15.13+git.663.9c654e06cdb-150400.3.28.1 | 4.15.13+git.663.9c654e06cdb-150400.3.28.1 | Jul 20, 2023 | A path disclosure vulnerability was found in Samba. As part of the Spotlight protocol, Samba discloses the server-side absolute path of shares, files, and directories in the results for search queries. This flaw allows a malicious client or an attacker with a targeted RPC request | ||
| CVE-2023-34967 | — | < 4.15.13+git.663.9c654e06cdb-150400.3.28.1 | 4.15.13+git.663.9c654e06cdb-150400.3.28.1 | Jul 20, 2023 | A Type Confusion vulnerability was found in Samba's mdssvc RPC service for Spotlight. When parsing Spotlight mdssvc RPC packets, one encoded data structure is a key-value style dictionary where the keys are character strings, and the values can be any of the supported types in th | ||
| CVE-2023-34966 | — | < 4.15.13+git.663.9c654e06cdb-150400.3.28.1 | 4.15.13+git.663.9c654e06cdb-150400.3.28.1 | Jul 20, 2023 | An infinite loop vulnerability was found in Samba's mdssvc RPC service for Spotlight. When parsing Spotlight mdssvc RPC packets sent by the client, the core unmarshalling function sl_unpack_loop() did not validate a field in the network packet that contains the count of elements | ||
| CVE-2022-2127 | — | < 4.15.13+git.663.9c654e06cdb-150400.3.28.1 | 4.15.13+git.663.9c654e06cdb-150400.3.28.1 | Jul 20, 2023 | An out-of-bounds read vulnerability was found in Samba due to insufficient length checks in winbindd_pam_auth_crap.c. When performing NTLM authentication, the client replies to cryptographic challenges back to the server. These replies have variable lengths, and Winbind fails to | ||
| CVE-2023-0922 | — | < 4.15.13+git.636.53d93c5b9d6-150400.3.23.1 | 4.15.13+git.636.53d93c5b9d6-150400.3.23.1 | Apr 3, 2023 | The Samba AD DC administration tool, when operating against a remote LDAP server, will by default send new or reset passwords over a signed-only connection. | ||
| CVE-2023-0614 | — | < 4.15.13+git.636.53d93c5b9d6-150400.3.23.1 | 4.15.13+git.636.53d93c5b9d6-150400.3.23.1 | Apr 3, 2023 | The fix in 4.6.16, 4.7.9, 4.8.4 and 4.9.7 for CVE-2018-10919 Confidential attribute disclosure vi LDAP filters was insufficient and an attacker may be able to obtain confidential BitLocker recovery keys from a Samba AD DC. | ||
| CVE-2023-0225 | — | < 4.15.13+git.636.53d93c5b9d6-150400.3.23.1 | 4.15.13+git.636.53d93c5b9d6-150400.3.23.1 | Apr 3, 2023 | A flaw was found in Samba. An incomplete access check on dnsHostName allows authenticated but otherwise unprivileged users to delete this attribute from any object in the directory. | ||
| CVE-2021-20251 | — | < 4.15.13+git.591.ab36624310c-150400.3.19.1 | 4.15.13+git.591.ab36624310c-150400.3.19.1 | Mar 6, 2023 | A flaw was found in samba. A race condition in the password lockout code may lead to the risk of brute force attacks being successful if special conditions are met. | ||
| CVE-2022-3437 | — | < 4.15.13+git.591.ab36624310c-150400.3.19.1 | 4.15.13+git.591.ab36624310c-150400.3.19.1 | Jan 12, 2023 | A heap-based buffer overflow vulnerability was found in Samba within the GSSAPI unwrap_des() and unwrap_des3() routines of Heimdal. The DES and Triple-DES decryption routines in the Heimdal GSSAPI library allow a length-limited write buffer overflow on malloc() allocated memory w | ||
| CVE-2022-42898 | — | < 4.15.13+git.591.ab36624310c-150400.3.19.1 | 4.15.13+git.591.ab36624310c-150400.3.19.1 | Dec 25, 2022 | PAC parsing in MIT Kerberos 5 (aka krb5) before 1.19.4 and 1.20.x before 1.20.1 has integer overflows that may lead to remote code execution (in KDC, kadmind, or a GSS or Kerberos application server) on 32-bit platforms (which have a resultant heap-based buffer overflow), and cau | ||
| CVE-2022-38023 | — | < 4.15.13+git.591.ab36624310c-150400.3.19.1 | 4.15.13+git.591.ab36624310c-150400.3.19.1 | Nov 9, 2022 | Netlogon RPC Elevation of Privilege Vulnerability | ||
| CVE-2022-37967 | — | < 4.15.13+git.591.ab36624310c-150400.3.19.1 | 4.15.13+git.591.ab36624310c-150400.3.19.1 | Nov 9, 2022 | Windows Kerberos Elevation of Privilege Vulnerability | ||
| CVE-2022-37966 | — | < 4.15.13+git.591.ab36624310c-150400.3.19.1 | 4.15.13+git.591.ab36624310c-150400.3.19.1 | Nov 9, 2022 | Windows Kerberos RC4-HMAC Elevation of Privilege Vulnerability | ||
| CVE-2022-32743 | — | < 4.15.8+git.527.8d0c05d313e-150400.3.14.1 | 4.15.8+git.527.8d0c05d313e-150400.3.14.1 | Sep 1, 2022 | Samba does not validate the Validated-DNS-Host-Name right for the dNSHostName attribute which could permit unprivileged users to write it. | ||
| CVE-2022-1615 | — | < 4.15.8+git.527.8d0c05d313e-150400.3.14.1 | 4.15.8+git.527.8d0c05d313e-150400.3.14.1 | Sep 1, 2022 | In Samba, GnuTLS gnutls_rnd() can fail and give predictable random values. | ||
| CVE-2022-32746 | — | < 4.15.8+git.500.d5910280cc7-150400.3.11.1 | 4.15.8+git.500.d5910280cc7-150400.3.11.1 | Aug 25, 2022 | A flaw was found in the Samba AD LDAP server. The AD DC database audit logging module can access LDAP message values freed by a preceding database module, resulting in a use-after-free issue. This issue is only possible when modifying certain privileged attributes, such as userAc | ||
| CVE-2022-32745 | — | < 4.15.8+git.500.d5910280cc7-150400.3.11.1 | 4.15.8+git.500.d5910280cc7-150400.3.11.1 | Aug 25, 2022 | A flaw was found in Samba. Samba AD users can cause the server to access uninitialized data with an LDAP add or modify the request, usually resulting in a segmentation fault. |
- CVE-2023-4154Nov 7, 2023affected < 4.15.13+git.691.3d3cea0641-150400.3.31.1fixed 4.15.13+git.691.3d3cea0641-150400.3.31.1
A design flaw was found in Samba's DirSync control implementation, which exposes passwords and secrets in Active Directory to privileged users and Read-Only Domain Controllers (RODCs). This flaw allows RODCs and users possessing the GET_CHANGES right to access all attributes, inc
- CVE-2023-42669Nov 6, 2023affected < 4.15.13+git.691.3d3cea0641-150400.3.31.1fixed 4.15.13+git.691.3d3cea0641-150400.3.31.1
A vulnerability was found in Samba's "rpcecho" development server, a non-Windows RPC server used to test Samba's DCE/RPC stack elements. This vulnerability stems from an RPC function that can be blocked indefinitely. The issue arises because the "rpcecho" service operates with on
- CVE-2023-4091Nov 3, 2023affected < 4.15.13+git.691.3d3cea0641-150400.3.31.1fixed 4.15.13+git.691.3d3cea0641-150400.3.31.1
A vulnerability was discovered in Samba, where the flaw allows SMB clients to truncate files, even with read-only permissions when the Samba VFS module "acl_xattr" is configured with "acl_xattr:ignore system acls = yes". The SMB protocol allows opening files when the client reque
- CVE-2023-34968Jul 20, 2023affected < 4.15.13+git.663.9c654e06cdb-150400.3.28.1fixed 4.15.13+git.663.9c654e06cdb-150400.3.28.1
A path disclosure vulnerability was found in Samba. As part of the Spotlight protocol, Samba discloses the server-side absolute path of shares, files, and directories in the results for search queries. This flaw allows a malicious client or an attacker with a targeted RPC request
- CVE-2023-34967Jul 20, 2023affected < 4.15.13+git.663.9c654e06cdb-150400.3.28.1fixed 4.15.13+git.663.9c654e06cdb-150400.3.28.1
A Type Confusion vulnerability was found in Samba's mdssvc RPC service for Spotlight. When parsing Spotlight mdssvc RPC packets, one encoded data structure is a key-value style dictionary where the keys are character strings, and the values can be any of the supported types in th
- CVE-2023-34966Jul 20, 2023affected < 4.15.13+git.663.9c654e06cdb-150400.3.28.1fixed 4.15.13+git.663.9c654e06cdb-150400.3.28.1
An infinite loop vulnerability was found in Samba's mdssvc RPC service for Spotlight. When parsing Spotlight mdssvc RPC packets sent by the client, the core unmarshalling function sl_unpack_loop() did not validate a field in the network packet that contains the count of elements
- CVE-2022-2127Jul 20, 2023affected < 4.15.13+git.663.9c654e06cdb-150400.3.28.1fixed 4.15.13+git.663.9c654e06cdb-150400.3.28.1
An out-of-bounds read vulnerability was found in Samba due to insufficient length checks in winbindd_pam_auth_crap.c. When performing NTLM authentication, the client replies to cryptographic challenges back to the server. These replies have variable lengths, and Winbind fails to
- CVE-2023-0922Apr 3, 2023affected < 4.15.13+git.636.53d93c5b9d6-150400.3.23.1fixed 4.15.13+git.636.53d93c5b9d6-150400.3.23.1
The Samba AD DC administration tool, when operating against a remote LDAP server, will by default send new or reset passwords over a signed-only connection.
- CVE-2023-0614Apr 3, 2023affected < 4.15.13+git.636.53d93c5b9d6-150400.3.23.1fixed 4.15.13+git.636.53d93c5b9d6-150400.3.23.1
The fix in 4.6.16, 4.7.9, 4.8.4 and 4.9.7 for CVE-2018-10919 Confidential attribute disclosure vi LDAP filters was insufficient and an attacker may be able to obtain confidential BitLocker recovery keys from a Samba AD DC.
- CVE-2023-0225Apr 3, 2023affected < 4.15.13+git.636.53d93c5b9d6-150400.3.23.1fixed 4.15.13+git.636.53d93c5b9d6-150400.3.23.1
A flaw was found in Samba. An incomplete access check on dnsHostName allows authenticated but otherwise unprivileged users to delete this attribute from any object in the directory.
- CVE-2021-20251Mar 6, 2023affected < 4.15.13+git.591.ab36624310c-150400.3.19.1fixed 4.15.13+git.591.ab36624310c-150400.3.19.1
A flaw was found in samba. A race condition in the password lockout code may lead to the risk of brute force attacks being successful if special conditions are met.
- CVE-2022-3437Jan 12, 2023affected < 4.15.13+git.591.ab36624310c-150400.3.19.1fixed 4.15.13+git.591.ab36624310c-150400.3.19.1
A heap-based buffer overflow vulnerability was found in Samba within the GSSAPI unwrap_des() and unwrap_des3() routines of Heimdal. The DES and Triple-DES decryption routines in the Heimdal GSSAPI library allow a length-limited write buffer overflow on malloc() allocated memory w
- CVE-2022-42898Dec 25, 2022affected < 4.15.13+git.591.ab36624310c-150400.3.19.1fixed 4.15.13+git.591.ab36624310c-150400.3.19.1
PAC parsing in MIT Kerberos 5 (aka krb5) before 1.19.4 and 1.20.x before 1.20.1 has integer overflows that may lead to remote code execution (in KDC, kadmind, or a GSS or Kerberos application server) on 32-bit platforms (which have a resultant heap-based buffer overflow), and cau
- CVE-2022-38023Nov 9, 2022affected < 4.15.13+git.591.ab36624310c-150400.3.19.1fixed 4.15.13+git.591.ab36624310c-150400.3.19.1
Netlogon RPC Elevation of Privilege Vulnerability
- CVE-2022-37967Nov 9, 2022affected < 4.15.13+git.591.ab36624310c-150400.3.19.1fixed 4.15.13+git.591.ab36624310c-150400.3.19.1
Windows Kerberos Elevation of Privilege Vulnerability
- CVE-2022-37966Nov 9, 2022affected < 4.15.13+git.591.ab36624310c-150400.3.19.1fixed 4.15.13+git.591.ab36624310c-150400.3.19.1
Windows Kerberos RC4-HMAC Elevation of Privilege Vulnerability
- CVE-2022-32743Sep 1, 2022affected < 4.15.8+git.527.8d0c05d313e-150400.3.14.1fixed 4.15.8+git.527.8d0c05d313e-150400.3.14.1
Samba does not validate the Validated-DNS-Host-Name right for the dNSHostName attribute which could permit unprivileged users to write it.
- CVE-2022-1615Sep 1, 2022affected < 4.15.8+git.527.8d0c05d313e-150400.3.14.1fixed 4.15.8+git.527.8d0c05d313e-150400.3.14.1
In Samba, GnuTLS gnutls_rnd() can fail and give predictable random values.
- CVE-2022-32746Aug 25, 2022affected < 4.15.8+git.500.d5910280cc7-150400.3.11.1fixed 4.15.8+git.500.d5910280cc7-150400.3.11.1
A flaw was found in the Samba AD LDAP server. The AD DC database audit logging module can access LDAP message values freed by a preceding database module, resulting in a use-after-free issue. This issue is only possible when modifying certain privileged attributes, such as userAc
- CVE-2022-32745Aug 25, 2022affected < 4.15.8+git.500.d5910280cc7-150400.3.11.1fixed 4.15.8+git.500.d5910280cc7-150400.3.11.1
A flaw was found in Samba. Samba AD users can cause the server to access uninitialized data with an LDAP add or modify the request, usually resulting in a segmentation fault.
Page 1 of 2