Lucene search

K
cloudfoundryCloud FoundryCFOUNDRY:83D666DA08AB5AD47E06D0BC8D192D14
HistoryNov 09, 2023 - 12:00 a.m.

USN-6425-1: Samba vulnerabilities | Cloud Foundry

2023-11-0900:00:00
Cloud Foundry
www.cloudfoundry.org
13
samba
canonical ubuntu
acl
dirsync
rpcecho
rpc
cloud foundry
samba vulnerabilities
medium severity
cve-2023-4091
cve-2023-4154
cve-2023-42669
cve-2023-42670

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

6.9 Medium

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

51.9%

Severity

Medium

Vendor

Canonical Ubuntu

Versions Affected

  • Canonical Ubuntu 22.04

Description

Sri Nagasubramanian discovered that the Samba acl_xattr VFS module incorrectly handled read-only files. When Samba is configured to ignore system ACLs, a remote attacker could possibly use this issue to truncate read-only files. (CVE-2023-4091) Andrew Bartlett discovered that Samba incorrectly handled the DirSync control. A remote attacker with an RODC DC account could possibly use this issue to obtain all domain secrets. (CVE-2023-4154) Andrew Bartlett discovered that Samba incorrectly handled the rpcecho development server. A remote attacker could possibly use this issue to cause Samba to stop responding, resulting in a denial of service. (CVE-2023-42669) Kirin van der Veer discovered that Samba incorrectly handled certain RPC service listeners. A remote attacker could possibly use this issue to cause Samba to start multiple incompatible RPC listeners, resulting in a denial of service. This issue only affected Ubuntu 22.04 LTS, and Ubuntu 23.04. (CVE-2023-42670) Update Instructions: Run sudo pro fix USN-6425-1 to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libwbclient-dev – 2:4.15.13+dfsg-0ubuntu1.5 samba – 2:4.15.13+dfsg-0ubuntu1.5 libnss-winbind – 2:4.15.13+dfsg-0ubuntu1.5 libpam-winbind – 2:4.15.13+dfsg-0ubuntu1.5 libsmbclient – 2:4.15.13+dfsg-0ubuntu1.5 smbclient – 2:4.15.13+dfsg-0ubuntu1.5 winbind – 2:4.15.13+dfsg-0ubuntu1.5 samba-testsuite – 2:4.15.13+dfsg-0ubuntu1.5 python3-samba – 2:4.15.13+dfsg-0ubuntu1.5 samba-common-bin – 2:4.15.13+dfsg-0ubuntu1.5 libwbclient0 – 2:4.15.13+dfsg-0ubuntu1.5 samba-dsdb-modules – 2:4.15.13+dfsg-0ubuntu1.5 samba-dev – 2:4.15.13+dfsg-0ubuntu1.5 libsmbclient-dev – 2:4.15.13+dfsg-0ubuntu1.5 samba-vfs-modules – 2:4.15.13+dfsg-0ubuntu1.5 samba-common – 2:4.15.13+dfsg-0ubuntu1.5 registry-tools – 2:4.15.13+dfsg-0ubuntu1.5 samba-libs – 2:4.15.13+dfsg-0ubuntu1.5 ctdb – 2:4.15.13+dfsg-0ubuntu1.5 No subscription required

CVEs contained in this USN include: CVE-2023-4091, CVE-2023-4154, CVE-2023-42669, CVE-2023-42670.

Affected Cloud Foundry Products and Versions

Severity is medium unless otherwise noted.

  • cflinuxfs4
    • All versions prior to 1.42.0
  • CF Deployment
    • All versions prior to 32.15.0

Mitigation

Users of affected products are strongly encouraged to follow the mitigations below. The Cloud Foundry project recommends upgrading the following releases:

  • cflinuxfs4
    • Upgrade all versions to 1.42.0 or greater
  • CF Deployment
    • Upgrade all versions to 32.15.0 or greater

References

History

2023-11-09: Initial vulnerability report published.

Affected configurations

Vulners
Node
cloudfoundrygorouterRange<1.42.0
OR
cloudfoundrycf-deploymentRange<32.15.0
CPENameOperatorVersion
cflinuxfs4lt1.42.0
cf deploymentlt32.15.0

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

6.9 Medium

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

51.9%