ALT-PU-2023-3550-1
Package samba updated to version 4.17.7-alt1 for branch sisyphus_riscv64.
Closed vulnerabilities
BDU:2020-00692
Vulnerability in the Active Directory LDAP server component of the Samba network interoperability software, allowing an attacker to gain unauthorized access to confidential data
BDU:2023-02011
Vulnerability in the samba-tool utility of the Samba network interoperability software suite, allowing an attacker to gain unauthorized access to the device
BDU:2023-02012
Vulnerability in the Samba network interoperability software suite related to missing protection of service data, allowing an attacker to disclose protected information
BDU:2023-02013
Vulnerability in the LDAP server of the Samba network interoperability software suite, allowing an attacker to delete the DNS-Host-Name attribute from any object in the directory
Modified: 2024-11-21
CVE-2018-10919
The Samba Active Directory LDAP server was vulnerable to an information disclosure flaw because of missing access control checks. An authenticated attacker could use this flaw to extract confidential attribute values using LDAP search expressions. Samba versions before 4.6.16, 4.7.9 and 4.8.4 are vulnerable.
- 105081
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10919
- GLSA-202003-52
- https://security.netapp.com/advisory/ntap-20180814-0001/
- USN-3738-1
- DSA-4271
- https://www.samba.org/samba/security/CVE-2018-10919.html
Modified: 2024-11-18
CVE-2020-25720
A vulnerability was found in Samba where a delegated administrator with permission to create objects in Active Directory can write to all attributes of the newly created object, including security-sensitive attributes, even after the object's creation. This issue occurs because the administrator owns the object due to the lack of an Access Control List (ACL) at the time of creation and later being recognized as the 'creator owner.' The retained significant rights of the delegated administrator may not be well understood, potentially leading to unintended privilege escalation or security risks.
Modified: 2025-02-18
CVE-2023-0225
A flaw was found in Samba. An incomplete access check on dnsHostName allows authenticated but otherwise unprivileged users to delete this attribute from any object in the directory.
Modified: 2025-02-13
CVE-2023-0614
The fix in 4.6.16, 4.7.9, 4.8.4 and 4.9.7 for CVE-2018-10919 Confidential attribute disclosure via LDAP filters was insufficient and an attacker may be able to obtain confidential BitLocker recovery keys from a Samba AD DC.
- FEDORA-2023-1c172e3264
- GLSA-202309-06
- https://security.netapp.com/advisory/ntap-20230406-0007/
- https://www.samba.org/samba/security/CVE-2023-0614.html
Modified: 2025-02-13
CVE-2023-0922
The Samba AD DC administration tool, when operating against a remote LDAP server, will by default send new or reset passwords over a signed-only connection.
- FEDORA-2023-1c172e3264
- GLSA-202309-06
- https://security.netapp.com/advisory/ntap-20230406-0007/
- https://www.samba.org/samba/security/CVE-2023-0922.html
Closed bugs
Missing dependency for include