Lucene search

K

GoogleOSV:ALSA-2023:4328

HistoryJul 31, 2023 - 12:00 a.m.

Moderate: samba security and bug fix update

2023-07-3100:00:00

Google

osv.dev

5

samba

security

bug fix

smb

protocol

vulnerability

5.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

7.1 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

33.9%

Samba is an open-source implementation of the Server Message Block (SMB) protocol and the related Common Internet File System (CIFS) protocol, which allow PC-compatible machines to share files, printers, and various information.

Security Fix(es):

samba: SMB2 packet signing is not enforced when “server signing = required” is set (CVE-2023-3347)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

The trust relationship between this workstation and the primary domain failed (BZ#2223601)

References

access.redhat.com/errata/RHSA-2023:4328

access.redhat.com/security/cve/CVE-2023-3347

bugzilla.redhat.com/2222792

errata.almalinux.org/8/ALSA-2023-4328.html

5.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

7.1 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

33.9%

Related for OSV:ALSA-2023:4328

redhat2 oraclelinux2 samba1 redhatcve1 nessus16 debiancve1 almalinux2 cvelist1 osv4 openvas8 veracode1 ubuntucve1 nvd1 prion1 cve1 ibm1 fedora2 cloudfoundry1 freebsd1 mageia1 redos1 ubuntu1 slackware1 debian1 gentoo1 hp1