cvelistv5 - cve-2023-4154

URL	Tags
secalert@redhat.com	https://access.redhat.com/security/cve/CVE-2023-4154	Third Party Advisory
secalert@redhat.com	https://bugzilla.redhat.com/show_bug.cgi?id=2241883	Issue Tracking
secalert@redhat.com	https://bugzilla.samba.org/show_bug.cgi?id=15424	Issue Tracking, Patch
secalert@redhat.com	https://security.netapp.com/advisory/ntap-20231124-0002/
secalert@redhat.com	https://www.samba.org/samba/security/CVE-2023-4154.html	Vendor Advisory

▼	Vendor	Product
	n/a	samba
	Red Hat	Red Hat Enterprise Linux 6
	Red Hat	Red Hat Enterprise Linux 6
	Red Hat	Red Hat Enterprise Linux 7
	Red Hat	Red Hat Enterprise Linux 8
	Red Hat	Red Hat Enterprise Linux 9
	Red Hat	Red Hat Storage 3
	Fedora	Fedora

gsd-2023-4154

Vulnerability from gsd

Modified

2023-12-13 01:20

Details

A design flaw was found in Samba's DirSync control implementation, which exposes passwords and secrets in Active Directory to privileged users and Read-Only Domain Controllers (RODCs). This flaw allows RODCs and users possessing the GET_CHANGES right to access all attributes, including sensitive secrets and passwords. Even in a default setup, RODC DC accounts, which should only replicate some passwords, can gain access to all domain secrets, including the vital krbtgt, effectively eliminating the RODC / DC distinction. Furthermore, the vulnerability fails to account for error conditions (fail open), like out-of-memory situations, potentially granting access to secret attributes, even under low-privileged attacker influence.

Aliases

CVE-2023-4154

Aliases

CVE-2023-4154

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2023-4154",
    "id": "GSD-2023-4154"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2023-4154"
      ],
      "details": "A design flaw was found in Samba\u0027s DirSync control implementation, which exposes passwords and secrets in Active Directory to privileged users and Read-Only Domain Controllers (RODCs). This flaw allows RODCs and users possessing the GET_CHANGES right to access all attributes, including sensitive secrets and passwords. Even in a default setup, RODC DC accounts, which should only replicate some passwords, can gain access to all domain secrets, including the vital krbtgt, effectively eliminating the RODC / DC distinction. Furthermore, the vulnerability fails to account for error conditions (fail open), like out-of-memory situations, potentially granting access to secret attributes, even under low-privileged attacker influence.",
      "id": "GSD-2023-4154",
      "modified": "2023-12-13T01:20:26.801923Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "secalert@redhat.com",
        "ID": "CVE-2023-4154",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "samba",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "not down converted",
                          "x_cve_json_5_version_data": {
                            "versions": [
                              {
                                "status": "unaffected",
                                "version": "4.19.1"
                              },
                              {
                                "status": "unaffected",
                                "version": "4.18.8"
                              },
                              {
                                "status": "unaffected",
                                "version": "4.17.12"
                              }
                            ]
                          }
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            },
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Red Hat Enterprise Linux 6",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "not down converted",
                          "x_cve_json_5_version_data": {
                            "defaultStatus": "unaffected"
                          }
                        },
                        {
                          "version_value": "not down converted",
                          "x_cve_json_5_version_data": {
                            "defaultStatus": "unaffected"
                          }
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "Red Hat Enterprise Linux 7",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "not down converted",
                          "x_cve_json_5_version_data": {
                            "defaultStatus": "unaffected"
                          }
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "Red Hat Enterprise Linux 8",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "not down converted",
                          "x_cve_json_5_version_data": {
                            "defaultStatus": "unaffected"
                          }
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "Red Hat Enterprise Linux 9",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "not down converted",
                          "x_cve_json_5_version_data": {
                            "defaultStatus": "unaffected"
                          }
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "Red Hat Storage 3",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "not down converted",
                          "x_cve_json_5_version_data": {
                            "defaultStatus": "unaffected"
                          }
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Red Hat"
            },
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Fedora",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "not down converted",
                          "x_cve_json_5_version_data": {
                            "defaultStatus": "affected"
                          }
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Fedora"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "A design flaw was found in Samba\u0027s DirSync control implementation, which exposes passwords and secrets in Active Directory to privileged users and Read-Only Domain Controllers (RODCs). This flaw allows RODCs and users possessing the GET_CHANGES right to access all attributes, including sensitive secrets and passwords. Even in a default setup, RODC DC accounts, which should only replicate some passwords, can gain access to all domain secrets, including the vital krbtgt, effectively eliminating the RODC / DC distinction. Furthermore, the vulnerability fails to account for error conditions (fail open), like out-of-memory situations, potentially granting access to secret attributes, even under low-privileged attacker influence."
          }
        ]
      },
      "impact": {
        "cvss": [
          {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "cweId": "CWE-787",
                "lang": "eng",
                "value": "Out-of-bounds Write"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://access.redhat.com/security/cve/CVE-2023-4154",
            "refsource": "MISC",
            "url": "https://access.redhat.com/security/cve/CVE-2023-4154"
          },
          {
            "name": "https://bugzilla.redhat.com/show_bug.cgi?id=2241883",
            "refsource": "MISC",
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2241883"
          },
          {
            "name": "https://bugzilla.samba.org/show_bug.cgi?id=15424",
            "refsource": "MISC",
            "url": "https://bugzilla.samba.org/show_bug.cgi?id=15424"
          },
          {
            "name": "https://security.netapp.com/advisory/ntap-20231124-0002/",
            "refsource": "MISC",
            "url": "https://security.netapp.com/advisory/ntap-20231124-0002/"
          },
          {
            "name": "https://www.samba.org/samba/security/CVE-2023-4154.html",
            "refsource": "MISC",
            "url": "https://www.samba.org/samba/security/CVE-2023-4154.html"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "cve": {
        "configurations": [
          {
            "nodes": [
              {
                "cpeMatch": [
                  {
                    "criteria": "cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*",
                    "matchCriteriaId": "F1CC08E7-E96D-4475-ACB6-22CDF280913E",
                    "versionEndExcluding": "4.17.12",
                    "versionStartIncluding": "4.0.0",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*",
                    "matchCriteriaId": "8A33312F-1523-4647-83DA-6DD6231906F9",
                    "versionEndExcluding": "4.18.8",
                    "versionStartIncluding": "4.18.0",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*",
                    "matchCriteriaId": "DE496104-DDB5-4709-8026-C83E99B0C865",
                    "versionEndExcluding": "4.19.1",
                    "versionStartIncluding": "4.19.0",
                    "vulnerable": true
                  }
                ],
                "negate": false,
                "operator": "OR"
              }
            ]
          }
        ],
        "descriptions": [
          {
            "lang": "en",
            "value": "A design flaw was found in Samba\u0027s DirSync control implementation, which exposes passwords and secrets in Active Directory to privileged users and Read-Only Domain Controllers (RODCs). This flaw allows RODCs and users possessing the GET_CHANGES right to access all attributes, including sensitive secrets and passwords. Even in a default setup, RODC DC accounts, which should only replicate some passwords, can gain access to all domain secrets, including the vital krbtgt, effectively eliminating the RODC / DC distinction. Furthermore, the vulnerability fails to account for error conditions (fail open), like out-of-memory situations, potentially granting access to secret attributes, even under low-privileged attacker influence."
          },
          {
            "lang": "es",
            "value": "Se encontr\u00f3 una falla de dise\u00f1o en la implementaci\u00f3n del control DirSync de Samba, que expone contrase\u00f1as y secretos en Active Directory a usuarios privilegiados y Controladores de Dominio de Solo Lectura (RODC). Esta falla permite a los RODC y a los usuarios que poseen el derecho GET_CHANGES acceder a todos los atributos, incluidos secretos y contrase\u00f1as confidenciales. Incluso en una configuraci\u00f3n predeterminada, las cuentas RODC DC, que solo deber\u00edan replicar algunas contrase\u00f1as, pueden obtener acceso a todos los secretos del dominio, incluido el vital krbtgt, eliminando efectivamente la distinci\u00f3n RODC/DC. Adem\u00e1s, la vulnerabilidad no tiene en cuenta las condiciones de error (fallo de apertura), como situaciones de falta de memoria, lo que potencialmente otorga acceso a atributos secretos, incluso bajo la influencia de un atacante con pocos privilegios."
          }
        ],
        "id": "CVE-2023-4154",
        "lastModified": "2023-12-29T05:15:08.850",
        "metrics": {
          "cvssMetricV31": [
            {
              "cvssData": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "exploitabilityScore": 2.8,
              "impactScore": 3.6,
              "source": "nvd@nist.gov",
              "type": "Primary"
            },
            {
              "cvssData": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "exploitabilityScore": 1.6,
              "impactScore": 5.9,
              "source": "secalert@redhat.com",
              "type": "Secondary"
            }
          ]
        },
        "published": "2023-11-07T20:15:08.683",
        "references": [
          {
            "source": "secalert@redhat.com",
            "tags": [
              "Third Party Advisory"
            ],
            "url": "https://access.redhat.com/security/cve/CVE-2023-4154"
          },
          {
            "source": "secalert@redhat.com",
            "tags": [
              "Issue Tracking"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2241883"
          },
          {
            "source": "secalert@redhat.com",
            "tags": [
              "Issue Tracking",
              "Patch"
            ],
            "url": "https://bugzilla.samba.org/show_bug.cgi?id=15424"
          },
          {
            "source": "secalert@redhat.com",
            "url": "https://security.netapp.com/advisory/ntap-20231124-0002/"
          },
          {
            "source": "secalert@redhat.com",
            "tags": [
              "Vendor Advisory"
            ],
            "url": "https://www.samba.org/samba/security/CVE-2023-4154.html"
          }
        ],
        "sourceIdentifier": "secalert@redhat.com",
        "vulnStatus": "Modified",
        "weaknesses": [
          {
            "description": [
              {
                "lang": "en",
                "value": "CWE-787"
              }
            ],
            "source": "nvd@nist.gov",
            "type": "Primary"
          },
          {
            "description": [
              {
                "lang": "en",
                "value": "CWE-787"
              }
            ],
            "source": "secalert@redhat.com",
            "type": "Secondary"
          }
        ]
      }
    }
  }
}

ghsa-v5f6-rpxq-xvg8

Vulnerability from github

Published

2023-11-07 21:30

Modified

2023-11-07 21:30

Severity ?

7.5 (High) - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

A design flaw was found in Samba's DirSync control implementation, which exposes passwords and secrets in Active Directory to privileged users and Read-Only Domain Controllers (RODCs). This flaw allows RODCs and users possessing the GET_CHANGES right to access all attributes, including sensitive secrets and passwords. Even in a default setup, RODC DC accounts, which should only replicate some passwords, can gain access to all domain secrets, including the vital krbtgt, effectively eliminating the RODC / DC distinction. Furthermore, the vulnerability fails to account for error conditions (fail open), like out-of-memory situations, potentially granting access to secret attributes, even under low-privileged attacker influence.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2023-4154"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-200",
      "CWE-787"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-11-07T20:15:08Z",
    "severity": "HIGH"
  },
  "details": "A design flaw was found in Samba\u0027s DirSync control implementation, which exposes passwords and secrets in Active Directory to privileged users and Read-Only Domain Controllers (RODCs). This flaw allows RODCs and users possessing the GET_CHANGES right to access all attributes, including sensitive secrets and passwords. Even in a default setup, RODC DC accounts, which should only replicate some passwords, can gain access to all domain secrets, including the vital krbtgt, effectively eliminating the RODC / DC distinction. Furthermore, the vulnerability fails to account for error conditions (fail open), like out-of-memory situations, potentially granting access to secret attributes, even under low-privileged attacker influence.",
  "id": "GHSA-v5f6-rpxq-xvg8",
  "modified": "2023-11-07T21:30:24Z",
  "published": "2023-11-07T21:30:24Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-4154"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/security/cve/CVE-2023-4154"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2241883"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.samba.org/show_bug.cgi?id=15424"
    },
    {
      "type": "WEB",
      "url": "https://security.netapp.com/advisory/ntap-20231124-0002"
    },
    {
      "type": "WEB",
      "url": "https://www.samba.org/samba/security/CVE-2023-4154.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

wid-sec-w-2023-2620

Vulnerability from csaf_certbund

Published

2023-10-10 22:00

Modified

2024-04-22 22:00

Summary

Samba: Mehrere Schwachstellen

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung

Samba ist eine Open Source Software Suite, die Druck- und Dateidienste für SMB/CIFS Clients implementiert.

Angriff

Ein entfernter anonymer oder authentisierter Angreifer kann mehrere Schwachstellen in Samba ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen, Dateien zu manipulieren oder vertrauliche Informationen offenzulegen.

Betroffene Betriebssysteme

- Linux - UNIX

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "mittel"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Samba ist eine Open Source Software Suite, die Druck- und Dateidienste f\u00fcr SMB/CIFS Clients implementiert.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein entfernter anonymer oder authentisierter Angreifer kann mehrere Schwachstellen in Samba ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen, Dateien zu manipulieren oder vertrauliche Informationen offenzulegen.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Linux\n- UNIX",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2023-2620 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-2620.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2023-2620 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-2620"
      },
      {
        "category": "external",
        "summary": "QNAP Security Advisory QSA-23-20 vom 2023-12-08",
        "url": "https://www.qnap.com/de-de/security-advisory/QSA-23-20"
      },
      {
        "category": "external",
        "summary": "Gentoo Linux Security Advisory GLSA-202402-28 vom 2024-02-19",
        "url": "https://security.gentoo.org/glsa/202402-28"
      },
      {
        "category": "external",
        "summary": "Samba release notes 4.19.1 vom 2023-10-10",
        "url": "https://www.samba.org/samba/history/samba-4.19.1.html"
      },
      {
        "category": "external",
        "summary": "Samba release notes 4.18.8 vom 2023-10-10",
        "url": "https://www.samba.org/samba/history/samba-4.18.8.html"
      },
      {
        "category": "external",
        "summary": "Samba release notes 4.17.12 vom 2023-10-10",
        "url": "https://www.samba.org/samba/history/samba-4.17.12.html"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-6425-1 vom 2023-10-10",
        "url": "https://ubuntu.com/security/notices/USN-6425-1"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2023:4040-1 vom 2023-10-10",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2023-October/016619.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2023:4046-1 vom 2023-10-11",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2023-October/016626.html"
      },
      {
        "category": "external",
        "summary": "Fedora Security Advisory FEDORA-2023-99444E494B vom 2023-10-11",
        "url": "https://bodhi.fedoraproject.org/updates/FEDORA-2023-99444e494b"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-6425-2 vom 2023-10-11",
        "url": "https://ubuntu.com/security/notices/USN-6425-2"
      },
      {
        "category": "external",
        "summary": "Debian Security Advisory DSA-5525 vom 2023-10-12",
        "url": "https://www.debian.org/security/2023/dsa-5525"
      },
      {
        "category": "external",
        "summary": "Fedora Security Advisory FEDORA-2023-FFF0C857D6 vom 2023-10-11",
        "url": "https://bodhi.fedoraproject.org/updates/FEDORA-2023-fff0c857d6"
      },
      {
        "category": "external",
        "summary": "Fedora Security Advisory FEDORA-2023-7EB8CBF1A5 vom 2023-10-11",
        "url": "https://bodhi.fedoraproject.org/updates/FEDORA-2023-7eb8cbf1a5"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2023:4059-1 vom 2023-10-13",
        "url": "https://www.suse.com/support/update/announcement/2023/suse-su-20234059-1/"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2023:4096-1 vom 2023-10-17",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2023-October/016714.html"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-6425-3 vom 2023-10-17",
        "url": "https://ubuntu.com/security/notices/USN-6425-3"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2023:6209 vom 2023-10-31",
        "url": "https://access.redhat.com/errata/RHSA-2023:6209"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2023:6744 vom 2023-11-07",
        "url": "https://access.redhat.com/errata/RHSA-2023:6744"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2023-6744 vom 2023-11-16",
        "url": "https://linux.oracle.com/errata/ELSA-2023-6744.html"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2023:7408 vom 2023-11-21",
        "url": "https://access.redhat.com/errata/RHSA-2023:7408"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2023:7371 vom 2023-11-21",
        "url": "https://access.redhat.com/errata/RHSA-2023:7371"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2023:7464 vom 2023-11-23",
        "url": "https://access.redhat.com/errata/RHSA-2023:7464"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2023:7467 vom 2023-11-23",
        "url": "https://access.redhat.com/errata/RHSA-2023:7467"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2023-7467 vom 2023-11-27",
        "url": "https://linux.oracle.com/errata/ELSA-2023-7467.html"
      },
      {
        "category": "external",
        "summary": "Amazon Linux Security Advisory ALAS-2023-2367 vom 2023-12-05",
        "url": "https://alas.aws.amazon.com/AL2/ALAS-2023-2367.html"
      },
      {
        "category": "external",
        "summary": "Amazon Linux Security Advisory ALAS-2023-1896 vom 2023-12-05",
        "url": "https://www.cybersecurity-help.cz/vdb/SB2023120539"
      },
      {
        "category": "external",
        "summary": "Debian Security Advisory DSA-5647 vom 2024-03-24",
        "url": "https://lists.debian.org/debian-security-announce/2024/msg00055.html"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 7145367 vom 2024-03-27",
        "url": "https://www.ibm.com/support/pages/node/7145367"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 7148094 vom 2024-04-11",
        "url": "https://www.ibm.com/support/pages/node/7148094"
      },
      {
        "category": "external",
        "summary": "Debian Security Advisory DLA-3792 vom 2024-04-22",
        "url": "https://lists.debian.org/debian-lts-announce/2024/04/msg00015.html"
      }
    ],
    "source_lang": "en-US",
    "title": "Samba: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2024-04-22T22:00:00.000+00:00",
      "generator": {
        "date": "2024-04-23T08:03:44.961+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.0"
        }
      },
      "id": "WID-SEC-W-2023-2620",
      "initial_release_date": "2023-10-10T22:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2023-10-10T22:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2023-10-11T22:00:00.000+00:00",
          "number": "2",
          "summary": "Neue Updates von Fedora, Ubuntu und Debian aufgenommen"
        },
        {
          "date": "2023-10-12T22:00:00.000+00:00",
          "number": "3",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2023-10-17T22:00:00.000+00:00",
          "number": "4",
          "summary": "Neue Updates von SUSE und Ubuntu aufgenommen"
        },
        {
          "date": "2023-10-31T23:00:00.000+00:00",
          "number": "5",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2023-11-07T23:00:00.000+00:00",
          "number": "6",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2023-11-16T23:00:00.000+00:00",
          "number": "7",
          "summary": "Neue Updates von Oracle Linux aufgenommen"
        },
        {
          "date": "2023-11-21T23:00:00.000+00:00",
          "number": "8",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2023-11-22T23:00:00.000+00:00",
          "number": "9",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2023-11-27T23:00:00.000+00:00",
          "number": "10",
          "summary": "Neue Updates von Oracle Linux aufgenommen"
        },
        {
          "date": "2023-12-04T23:00:00.000+00:00",
          "number": "11",
          "summary": "Neue Updates von Amazon aufgenommen"
        },
        {
          "date": "2023-12-05T23:00:00.000+00:00",
          "number": "12",
          "summary": "Neue Updates von Amazon aufgenommen"
        },
        {
          "date": "2023-12-10T23:00:00.000+00:00",
          "number": "13",
          "summary": "Neue Updates von QNAP aufgenommen"
        },
        {
          "date": "2024-02-18T23:00:00.000+00:00",
          "number": "14",
          "summary": "Neue Updates von Gentoo aufgenommen"
        },
        {
          "date": "2024-03-24T23:00:00.000+00:00",
          "number": "15",
          "summary": "Neue Updates von Debian aufgenommen"
        },
        {
          "date": "2024-03-27T23:00:00.000+00:00",
          "number": "16",
          "summary": "Neue Updates von IBM aufgenommen"
        },
        {
          "date": "2024-04-11T22:00:00.000+00:00",
          "number": "17",
          "summary": "Neue Updates von IBM aufgenommen"
        },
        {
          "date": "2024-04-22T22:00:00.000+00:00",
          "number": "18",
          "summary": "Neue Updates von Debian aufgenommen"
        }
      ],
      "status": "final",
      "version": "18"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Amazon Linux 2",
            "product": {
              "name": "Amazon Linux 2",
              "product_id": "398363",
              "product_identification_helper": {
                "cpe": "cpe:/o:amazon:linux_2:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Amazon"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Debian Linux",
            "product": {
              "name": "Debian Linux",
              "product_id": "2951",
              "product_identification_helper": {
                "cpe": "cpe:/o:debian:debian_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Debian"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Fedora Linux",
            "product": {
              "name": "Fedora Linux",
              "product_id": "74185",
              "product_identification_helper": {
                "cpe": "cpe:/o:fedoraproject:fedora:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Fedora"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Gentoo Linux",
            "product": {
              "name": "Gentoo Linux",
              "product_id": "T012167",
              "product_identification_helper": {
                "cpe": "cpe:/o:gentoo:linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Gentoo"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "7.5",
                "product": {
                  "name": "IBM QRadar SIEM 7.5",
                  "product_id": "T022954",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:qradar_siem:7.5"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c7.5.0 UP8",
                "product": {
                  "name": "IBM QRadar SIEM \u003c7.5.0 UP8",
                  "product_id": "T033681",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:qradar_siem:7.5.0_up8"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "QRadar SIEM"
          }
        ],
        "category": "vendor",
        "name": "IBM"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c4.19.1",
                "product": {
                  "name": "Open Source Samba \u003c4.19.1",
                  "product_id": "T030418",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:samba:samba:4.19.1"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c4.18.8",
                "product": {
                  "name": "Open Source Samba \u003c4.18.8",
                  "product_id": "T030419",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:samba:samba:4.18.8"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c4.17.12",
                "product": {
                  "name": "Open Source Samba \u003c4.17.12",
                  "product_id": "T030420",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:samba:samba:4.17.12"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Samba"
          }
        ],
        "category": "vendor",
        "name": "Open Source"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Oracle Linux",
            "product": {
              "name": "Oracle Linux",
              "product_id": "T004914",
              "product_identification_helper": {
                "cpe": "cpe:/o:oracle:linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Oracle"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "QNAP NAS",
            "product": {
              "name": "QNAP NAS",
              "product_id": "T017100",
              "product_identification_helper": {
                "cpe": "cpe:/h:qnap:nas:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "QNAP"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Red Hat Enterprise Linux",
            "product": {
              "name": "Red Hat Enterprise Linux",
              "product_id": "67646",
              "product_identification_helper": {
                "cpe": "cpe:/o:redhat:enterprise_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "SUSE Linux",
            "product": {
              "name": "SUSE Linux",
              "product_id": "T002207",
              "product_identification_helper": {
                "cpe": "cpe:/o:suse:suse_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Ubuntu Linux",
            "product": {
              "name": "Ubuntu Linux",
              "product_id": "T000126",
              "product_identification_helper": {
                "cpe": "cpe:/o:canonical:ubuntu_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Ubuntu"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2023-3961",
      "notes": [
        {
          "category": "description",
          "text": "Es besteht eine Schwachstelle in Samba. Dieser Fehler existiert im smbd, der Client-Zugriff auf Unix-Domain-Sockets im Dateisystem erlaubt. Ein entfernter Angreifer kann diese Schwachstelle ausnutzen, um einen Denial-of-Service-Zustand zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T022954",
          "2951",
          "T002207",
          "67646",
          "T000126",
          "T033681",
          "398363",
          "T012167",
          "T004914",
          "74185",
          "T017100"
        ]
      },
      "release_date": "2023-10-10T22:00:00Z",
      "title": "CVE-2023-3961"
    },
    {
      "cve": "CVE-2023-4091",
      "notes": [
        {
          "category": "description",
          "text": "Es besteht eine Schwachstelle in Samba. Dieser Fehler besteht in der SMB-Komponente, die es Benutzern erm\u00f6glicht, Dateien auf 0 Bytes abzuschneiden, indem sie Dateien mit OVERWRITE-Verf\u00fcgung \u00f6ffnen, wenn sie das Samba-VFS-Modul acl_xattr verwenden. Ein entfernter, authentifizierter Angreifer kann diese Schwachstelle ausnutzen, um Dateien zu manipulieren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T022954",
          "2951",
          "T002207",
          "67646",
          "T000126",
          "T033681",
          "398363",
          "T012167",
          "T004914",
          "74185",
          "T017100"
        ]
      },
      "release_date": "2023-10-10T22:00:00Z",
      "title": "CVE-2023-4091"
    },
    {
      "cve": "CVE-2023-4154",
      "notes": [
        {
          "category": "description",
          "text": "Es besteht eine Schwachstelle in Samba. Dieser Fehler besteht, weil ein RODC oder ein Benutzer mit den GET_CHANGES-Rechten alle Attribute, einschlie\u00dflich Geheimnisse und Passw\u00f6rter, einsehen kann. Ein entfernter, authentifizierter Angreifer kann diese Schwachstelle ausnutzen, um vertrauliche Informationen offenzulegen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T022954",
          "2951",
          "T002207",
          "67646",
          "T000126",
          "T033681",
          "398363",
          "T012167",
          "T004914",
          "74185",
          "T017100"
        ]
      },
      "release_date": "2023-10-10T22:00:00Z",
      "title": "CVE-2023-4154"
    },
    {
      "cve": "CVE-2023-42669",
      "notes": [
        {
          "category": "description",
          "text": "Es besteht eine Schwachstelle in Samba. Dieser Fehler besteht im \"rpcecho\"-Entwicklungsserver aufgrund einer unsachgem\u00e4\u00dfen Einschr\u00e4nkung der bereitgestellten \"worker\". Ein entfernter, authentifizierter Angreifer kann diese Schwachstelle ausnutzen, um einen Denial-of-Service-Zustand zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T022954",
          "2951",
          "T002207",
          "67646",
          "T000126",
          "T033681",
          "398363",
          "T012167",
          "T004914",
          "74185",
          "T017100"
        ]
      },
      "release_date": "2023-10-10T22:00:00Z",
      "title": "CVE-2023-42669"
    },
    {
      "cve": "CVE-2023-42670",
      "notes": [
        {
          "category": "description",
          "text": "Es besteht eine Schwachstelle in Samba. Dieser Fehler besteht im AD DC, der den Start mehrerer inkompatibler RPC-Listener erzwingen kann, was zu einer Unterbrechung des Dienstes f\u00fchrt. Ein entfernter, authentifizierter Angreifer kann diese Schwachstelle ausnutzen, um einen Denial-of-Service-Zustand zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T022954",
          "2951",
          "T002207",
          "67646",
          "T000126",
          "T033681",
          "398363",
          "T012167",
          "T004914",
          "74185",
          "T017100"
        ]
      },
      "release_date": "2023-10-10T22:00:00Z",
      "title": "CVE-2023-42670"
    }
  ]
}

wid-sec-w-2024-0523

Vulnerability from csaf_certbund

Published

2024-02-29 23:00

Modified

2024-02-29 23:00

Summary

SolarWinds Security Event Manager: Mehrere Schwachstellen

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung

SolarWinds Security Event Manager ist eine Lösung zur Analyse von Protokolldaten.

Angriff

Ein entfernter, anonymer oder authentifizierter Angreifer kann mehrere Schwachstellen in SolarWinds Security Event Manager ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen preiszugeben und einen Denial-of-Service-Zustand zu verursachen.

Betroffene Betriebssysteme

- UNIX - Linux - Windows

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "hoch"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "SolarWinds Security Event Manager ist eine L\u00f6sung zur Analyse von Protokolldaten.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein entfernter, anonymer oder authentifizierter Angreifer kann mehrere Schwachstellen in SolarWinds Security Event Manager ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen preiszugeben und einen Denial-of-Service-Zustand zu verursachen.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- UNIX\n- Linux\n- Windows",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2024-0523 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-0523.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2024-0523 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0523"
      },
      {
        "category": "external",
        "summary": "Github Security Advisory vom 2024-02-29",
        "url": "https://github.com/advisories/GHSA-3fj5-f9x9-2hvx"
      },
      {
        "category": "external",
        "summary": "Solarwinds Release Notes vom 2024-02-29",
        "url": "https://documentation.solarwinds.com/en/success_center/sem/content/release_notes/sem_2023-4-1_release_notes.htm"
      }
    ],
    "source_lang": "en-US",
    "title": "SolarWinds Security Event Manager: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2024-02-29T23:00:00.000+00:00",
      "generator": {
        "date": "2024-03-01T12:35:55.234+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.0"
        }
      },
      "id": "WID-SEC-W-2024-0523",
      "initial_release_date": "2024-02-29T23:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2024-02-29T23:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c 2023.4.1",
                "product": {
                  "name": "SolarWinds Security Event Manager \u003c 2023.4.1",
                  "product_id": "T033207",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:solarwinds:security_event_manager:2023.4.1"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Security Event Manager"
          }
        ],
        "category": "vendor",
        "name": "SolarWinds"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2024-0692",
      "notes": [
        {
          "category": "description",
          "text": "Es besteht eine Schwachstelle in SolarWinds Security Event Manager. Ein entfernter, anonymer Angreifer aus dem lokalen Netzwerk kann diese Schwachstelle zur Ausf\u00fchrung von beliebigem Code ausnutzen."
        }
      ],
      "release_date": "2024-02-29T23:00:00Z",
      "title": "CVE-2024-0692"
    },
    {
      "cve": "CVE-2023-48795",
      "notes": [
        {
          "category": "description",
          "text": "Im SolarWinds Security Event Manager gibt es mehrere Schwachstellen in Third Party Applications. Die Schwachstellen bestehen in den Komponenten Samba und SSH aufgrund eines m\u00f6glichen Terrapin-Angriffs, einer Pfadumgehung, einer defekten Zugriffskontrolle und St\u00f6rungen im AD DC-Dienst. Ein anonymer oder authentifizierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand herbeizuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen und vertrauliche Informationen offenzulegen."
        }
      ],
      "release_date": "2024-02-29T23:00:00Z",
      "title": "CVE-2023-48795"
    },
    {
      "cve": "CVE-2023-42670",
      "notes": [
        {
          "category": "description",
          "text": "Im SolarWinds Security Event Manager gibt es mehrere Schwachstellen in Third Party Applications. Die Schwachstellen bestehen in den Komponenten Samba und SSH aufgrund eines m\u00f6glichen Terrapin-Angriffs, einer Pfadumgehung, einer defekten Zugriffskontrolle und St\u00f6rungen im AD DC-Dienst. Ein anonymer oder authentifizierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand herbeizuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen und vertrauliche Informationen offenzulegen."
        }
      ],
      "release_date": "2024-02-29T23:00:00Z",
      "title": "CVE-2023-42670"
    },
    {
      "cve": "CVE-2023-4154",
      "notes": [
        {
          "category": "description",
          "text": "Im SolarWinds Security Event Manager gibt es mehrere Schwachstellen in Third Party Applications. Die Schwachstellen bestehen in den Komponenten Samba und SSH aufgrund eines m\u00f6glichen Terrapin-Angriffs, einer Pfadumgehung, einer defekten Zugriffskontrolle und St\u00f6rungen im AD DC-Dienst. Ein anonymer oder authentifizierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand herbeizuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen und vertrauliche Informationen offenzulegen."
        }
      ],
      "release_date": "2024-02-29T23:00:00Z",
      "title": "CVE-2023-4154"
    },
    {
      "cve": "CVE-2023-3961",
      "notes": [
        {
          "category": "description",
          "text": "Im SolarWinds Security Event Manager gibt es mehrere Schwachstellen in Third Party Applications. Die Schwachstellen bestehen in den Komponenten Samba und SSH aufgrund eines m\u00f6glichen Terrapin-Angriffs, einer Pfadumgehung, einer defekten Zugriffskontrolle und St\u00f6rungen im AD DC-Dienst. Ein anonymer oder authentifizierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand herbeizuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen und vertrauliche Informationen offenzulegen."
        }
      ],
      "release_date": "2024-02-29T23:00:00Z",
      "title": "CVE-2023-3961"
    }
  ]
}

Action not permitted

cve-2023-4154

Vulnerability from cvelistv5

gsd-2023-4154

Vulnerability from gsd

ghsa-v5f6-rpxq-xvg8

Vulnerability from github

wid-sec-w-2023-2620

Vulnerability from csaf_certbund

wid-sec-w-2024-0523

Vulnerability from csaf_certbund

Tags