Lucene search

K
debiancveDebian Security Bug TrackerDEBIANCVE:CVE-2023-0225
HistoryApr 03, 2023 - 11:15 p.m.

CVE-2023-0225

2023-04-0323:15:06
Debian Security Bug Tracker
security-tracker.debian.org
29
samba
access check
dnshostname
attribute
directory
deletion
unix

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

EPSS

0.003

Percentile

68.8%

A flaw was found in Samba. An incomplete access check on dnsHostName allows authenticated but otherwise unprivileged users to delete this attribute from any object in the directory.

OSVersionArchitecturePackageVersionFilename
Debian12allsamba< 2:4.17.7+dfsg-1samba_2:4.17.7+dfsg-1_all.deb
Debian11allsamba<= 2:4.13.13+dfsg-1~deb11u6samba_2:4.13.13+dfsg-1~deb11u6_all.deb
Debian999allsamba< 2:4.17.7+dfsg-1samba_2:4.17.7+dfsg-1_all.deb
Debian13allsamba< 2:4.17.7+dfsg-1samba_2:4.17.7+dfsg-1_all.deb

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

EPSS

0.003

Percentile

68.8%