8.1 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
0.002 Low
EPSS
Percentile
51.4%
4.16.9-alt1 built March 2, 2023 Evgeny Sinelnikov in task #315490
Feb. 20, 2023 Evgeny Sinelnikov
- Update to maintenance release of Samba 4.16
- Security fixes:
+ CVE-2022-38023: Samba should refuse RC4 (aka md5) based SChannel on
NETLOGON (Samba#15240).
- Major fixes:
+ smbc_getxattr() return value is incorrect (Samba#14808).
+ samba-tool gpo listall fails IPv6 only - finddcs() fails to find DC when
there is only an AAAA record for the DC in DNS (Samba#15226).
+ smbd crashes if an FSCTL request is done on a stream handle (Samba#15236).
+ auth3_generate_session_info_pac leaks wbcAuthUserInfo (Samba#15286).
+ Leak in wbcCtxPingDc2 (Samba#15164).
+ irpc_destructor may crash during shutdown (Samba#15280).
- Share enumeration (netshareenum) fixes:
+ %U for include directive doesn't work for share listing (Samba#15243).
+ Shares missing from netshareenum response in samba 4.17.4 (Samba#15266).
+ Access based share enum does not work in Samba 4.16+ (Samba#15265).
+ Crash during share enumeration (Samba#15267).
8.1 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
0.002 Low
EPSS
Percentile
51.4%