Lucene search

K
mageiaGentoo FoundationMGASA-2023-0127
HistoryApr 07, 2023 - 12:20 a.m.

Updated ldb/samba packages fix security vulnerability

2023-04-0700:20:12
Gentoo Foundation
advisories.mageia.org
24
security vulnerability
updated packages
ad dc
dns attribute
read access
ldap attributes
cleartext password
unix

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

0.003 Low

EPSS

Percentile

67.8%

Deletion of AD DC “dnsHostname” attribute by unprivileged authenticated users (CVE-2023-0225) Read access controlled AD LDAP attributes (CVE-2023-0614) Cleartext password sending by AD DC admin tool (CVE-2023-0922)

OSVersionArchitecturePackageVersionFilename
Mageia8noarchldb< 2.5.3-1ldb-2.5.3-1.mga8
Mageia8noarchsamba< 4.16.10-1samba-4.16.10-1.mga8

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

0.003 Low

EPSS

Percentile

67.8%