Debian Security Advisory 5477-1
Debian Linux Security Advisory 5477-1 - Several vulnerabilities have been discovered in Samba, which could result in information disclosure, denial of service or insufficient enforcement of security-relevant config directives.
Debian Security Advisory DSA-5477-1 [email protected]
https://www.debian.org/security/ Moritz Muehlenhoff
August 14, 2023 https://www.debian.org/security/faq
Package : samba
CVE ID : CVE-2022-2127 CVE-2023-3347 CVE-2023-34966 CVE-2023-34967 CVE-2023-34968
Debian Bug : 1041043
Several vulnerabilities have been discovered in Samba, which could result
in information disclosure, denial of service or insufficient enforcement
of security-relevant config directives.
The version of Samba in the oldstable distribution (bullseye) cannot be
fully supported further: If you are using Samba as a domain controller
you should either upgrade to the stable distribution or, if that's not
an immediate option, consider migrating to Samba from bullseye-backports
(which will be kept updated to the version in stable). Operating Samba
as a file/print server will continue to be supported; a separate DSA
will provide an update along with documentation about the scope
of continued support.
For the stable distribution (bookworm), these problems have been fixed in
version 2:4.17.10+dfsg-0+deb12u1.
We recommend that you upgrade your samba packages.
For the detailed security status of samba please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/samba
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/
Mailing list: [email protected]
Related news
Red Hat Security Advisory 2024-4101-03 - An update for samba is now available for Red Hat Enterprise Linux 9.2 Extended Update Support.
Gentoo Linux Security Advisory 202402-28 - Multiple vulnerabilities have been discovered in Samba, the worst of which can lead to remote code execution. Versions greater than or equal to 4.18.9 are affected.
Red Hat Security Advisory 2023-7139-01 - An update for samba, evolution-mapi, and openchange is now available for Red Hat Enterprise Linux 8. Issues addressed include out of bounds read and path disclosure vulnerabilities.
A Type Confusion vulnerability was found in the Spotlight RPC functions in afpd in Netatalk 3.1.x before 3.1.17. When parsing Spotlight RPC packets, one encoded data structure is a key-value style dictionary where the keys are character strings, and the values can be any of the supported types in the underlying protocol. Due to a lack of type checking in callers of the dalloc_value_for_key() function, which returns the object associated with a key, a malicious actor may be able to fully control the value of the pointer and theoretically achieve Remote Code Execution on the host. This issue is similar to CVE-2023-34967.
Red Hat Security Advisory 2023-4325-01 - Samba is an open-source implementation of the Server Message Block protocol and the related Common Internet File System protocol, which allow PC-compatible machines to share files, printers, and various information.
Red Hat Security Advisory 2023-4328-01 - Samba is an open-source implementation of the Server Message Block protocol and the related Common Internet File System protocol, which allow PC-compatible machines to share files, printers, and various information.
An out-of-bounds read vulnerability was found in Samba due to insufficient length checks in winbindd_pam_auth_crap.c. When performing NTLM authentication, the client sends replies to cryptographic challenges back to the server. These replies have variable lengths, and Winbind fails to check the LAN Manager response length. When Winbind is used for NTLM authentication, a maliciously crafted request can trigger an out-of-bounds read in Winbind, possibly resulting in a crash.
A Type Confusion vulnerability was found in Samba's mdssvc RPC service for Spotlight. When parsing Spotlight mdssvc RPC packets, one encoded data structure is a key-value style dictionary where the keys are character strings, and the values can be any of the supported types in the mdssvc protocol. Due to a lack of type checking in callers of the dalloc_value_for_key() function, which returns the object associated with a key, a caller may trigger a crash in talloc_get_size() when talloc detects that the passed-in pointer is not a valid talloc pointer. With an RPC worker process shared among multiple client connections, a malicious client or attacker can trigger a process crash in a shared RPC mdssvc worker process, affecting all other clients this worker serves.
A path disclosure vulnerability was found in Samba. As part of the Spotlight protocol, Samba discloses the server-side absolute path of shares, files, and directories in the results for search queries. This flaw allows a malicious client or an attacker with a targeted RPC request to view the information that is part of the disclosed path.
A vulnerability was found in Samba's SMB2 packet signing mechanism. The SMB2 packet signing is not enforced if an admin configured "server signing = required" or for SMB2 connections to Domain Controllers where SMB2 packet signing is mandatory. This flaw allows an attacker to perform attacks, such as a man-in-the-middle attack, by intercepting the network traffic and modifying the SMB2 messages between client and server, affecting the integrity of the data.
An infinite loop vulnerability was found in Samba's mdssvc RPC service for Spotlight. When parsing Spotlight mdssvc RPC packets sent by the client, the core unmarshalling function sl_unpack_loop() did not validate a field in the network packet that contains the count of elements in an array-like structure. By passing 0 as the count value, the attacked function will run in an endless loop consuming 100% CPU. This flaw allows an attacker to issue a malformed RPC request, triggering an infinite loop, resulting in a denial of service condition.
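The missing count validation described in the sl_unpack_loop() entry above, shown as an added example on a constructed toy format; this is not Samba's code or the Spotlight wire format. The function names, the one-byte count field and the MAX_STEPS guard are assumptions made for the illustration:

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define UNIT 8          /* toy format: element sizes are counted in 8-byte units */
#define MAX_STEPS 1000  /* demo-only guard so the unchecked loop returns */

/* Unchecked: trusts the count byte at the start of each element.
 * Returns elements parsed, -1 if it ran past the buffer,
 * -2 if the demo guard tripped because the offset stopped advancing. */
int unpack_unchecked(const uint8_t *buf, size_t len)
{
    size_t off = 0;
    int n = 0, steps = 0;
    while (off < len) {
        if (++steps > MAX_STEPS)
            return -2;                    /* without the guard: 100% CPU, forever */
        off += (size_t)buf[off] * UNIT;   /* count == 0 leaves off unchanged */
        n++;
    }
    return off == len ? n : -1;
}

/* Checked: each count must make progress and fit in what is left. */
int unpack_checked(const uint8_t *buf, size_t len)
{
    size_t off = 0;
    int n = 0;
    while (off < len) {
        size_t count = buf[off];
        if (count == 0 || count > (len - off) / UNIT)
            return -1;                    /* reject the packet, do not loop */
        off += count * UNIT;
        n++;
    }
    return n;
}

/* Constructed sample packets (not captured traffic). */
static const uint8_t pkt_ok[24]   = { [0] = 1, [8] = 2 };  /* 1 unit, then 2 units */
static const uint8_t pkt_zero[16] = { [0] = 1, [8] = 0 };  /* second count is 0 */
static const uint8_t pkt_long[16] = { [0] = 3 };           /* claims 24 of 16 bytes */

int main(void)
{
    printf("ok:   unchecked=%d checked=%d\n", unpack_unchecked(pkt_ok, 24), unpack_checked(pkt_ok, 24));
    printf("zero: unchecked=%d checked=%d\n", unpack_unchecked(pkt_zero, 16), unpack_checked(pkt_zero, 16));
    printf("long: unchecked=%d checked=%d\n", unpack_unchecked(pkt_long, 16), unpack_checked(pkt_long, 16));
    return 0;
}
```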