Headline
CVE-2023-3347: Samba - Security Announcement Archive
A vulnerability was found in Samba’s SMB2 packet signing mechanism. The SMB2 packet signing is not enforced if an admin configured “server signing = required” or for SMB2 connections to Domain Controllers where SMB2 packet signing is mandatory. This flaw allows an attacker to perform attacks, such as a man-in-the-middle attack, by intercepting the network traffic and modifying the SMB2 messages between client and server, affecting the integrity of the data.
CVE-2023-3347.html:
============================================================ == Subject: SMB2 packet signing not enforced == == CVE ID#: CVE-2023-3347 == == Versions: All versions starting with 4.17.0. == == Summary: SMB2 packet signing is not enforced if an == admin configured “server signing = required” == or for SMB2 connections to Domain Controllers == where SMB2 packet signing is mandatory. ============================================================
=========== Description ===========
SMB2 packet signing is not enforced if an admin configured “server signing = required” or for SMB2 connections to Domain Controllers where SMB2 packet signing is mandatory.
SMB2 packet signing is a mechanism that ensures the integrity and authenticity of data exchanged between a client and a server using the SMB2 protocol.
It provides protection against certain types of attacks, such as man-in-the-middle attacks, where an attacker intercepts network traffic and modifies the SMB2 messages.
Both client and server of an SMB2 connection can require that signing is being used. The server-side setting in Samba to configure signing to be required is "server signing = required". Note that on an Samba AD DCs this is also the default for all SMB2 connections.
Unless the client requires signing which would result in signing being used on the SMB2 connection, sensitive data might have been modified by an attacker.
Clients connecting to IPC$ on an AD DC will require signed connections being used, so the integrity of these connections was not affected.
================== Patch Availability ==================
Patches addressing both these issues have been posted to:
https://www.samba.org/samba/security/
Additionally, Samba 4.18.5, 4.17.10 and 4.16.11 have been issued as security releases to correct the defect. Samba administrators are advised to upgrade to these releases or apply the patch as soon as possible.
================== CVSSv3 calculation ==================
CVSS 3.1: AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N (6.8)
========== Workaround ==========
======= Credits =======
Originally reported by Andreas Schneider of the Samba team.
Patches provided by Ralph Boehme of the Samba team.
========================================================== == Our Code, Our Bugs, Our Responsibility. == The Samba Team ==========================================================
Related news
Gentoo Linux Security Advisory 202402-28 - Multiple vulnerabilities have been discovered in Samba, the worst of which can lead to remote code execution. Versions greater than or equal to 4.18.9 are affected.
Debian Linux Security Advisory 5477-1 - Several vulnerabilities have been discovered in Samba, which could result in information disclosure, denial of service or insufficient enforcement of security-relevant config directives.
Red Hat Security Advisory 2023-4325-01 - Samba is an open-source implementation of the Server Message Block protocol and the related Common Internet File System protocol, which allow PC-compatible machines to share files, printers, and various information.
Red Hat Security Advisory 2023-4328-01 - Samba is an open-source implementation of the Server Message Block protocol and the related Common Internet File System protocol, which allow PC-compatible machines to share files, printers, and various information.