Lucene search

K
sambaSamba SecuritySAMBA:CVE-2023-0225
HistoryMar 29, 2023 - 12:00 a.m.

Samba AD DC "dnsHostname" attribute can be

2023-03-2900:00:00
Samba Security
www.samba.org
25
samba
active directory
dnshostname
ldap
security
patch
cve-2022-32743
samba 4.17.0
vulnerability
authentication
upgrade
ldap server
smb.conf
cve
vulnerability
unprivileged users
resolution

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

EPSS

0.003

Percentile

68.8%

Description

In implementing the Validated dnsHostName permission check in Samba’s
Active Directory DC, and therefore applying correctly constraints on
the values of a dnsHostName value for a computer in a Samba domain
(CVE-2022-32743), the case where the dnsHostName is deleted, rather
than modified or added, was incorrectly handled.

Therefore, in Samba 4.17.0 and later an LDAP attribute value deletion
of the dnsHostName attribute became possible for authenticated but
otherwise unprivileged users, for any object.

Patch Availability

Patches addressing both these issues have been posted to:

https://www.samba.org/samba/security/

Additionally, Samba $VERSIONS have been issued
as security releases to correct the defect. Samba administrators are
advised to upgrade to these releases or apply the patch as soon
as possible.

CVSSv3 calculation

CVSS3.1:AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L (5.4)

Workaround

The AD DC LDAP server is a critical component of the AD DC, and it
should not be disabled. However it can be disabled by setting

server services = -ldap

in the smb.conf and restarting Samba

Credits

Originally reported by Lukas Mitter of codemanufaktur GmbH.

Patches provided by Joseph Sutton and Douglas Bagnall of Catalyst
and the Samba Team.

Advisory prepared by Andrew Bartlett of Catalyst and the Samba Team.

== Our Code, Our Bugs, Our Responsibility.
== The Samba Team

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

EPSS

0.003

Percentile

68.8%