40 matches found
Astra Linux - уязвимость в samba
A design flaw was identified in Samba’s DirSync control implementation, which exposes passwords and secrets in Active Directory to privileged users and Read-Only Domain Controllers RODCs. This flaw allows RODCs and users with the GETCHANGES permission to access all attributes, including sensitive...
Huawei EulerOS: Security Advisory for samba (EulerOS-SA-2024-1408)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
GLSA-202402-28 : Samba: Multiple Vulnerabilities
The remote host is affected by the vulnerability described in GLSA-202402-28 Samba: Multiple Vulnerabilities - An information leak vulnerability was discovered in Samba's LDAP server. Due to missing access control checks, an authenticated but unprivileged attacker could discover the names and...
EulerOS 2.0 SP11 : samba (EulerOS-SA-2023-3258)
According to the versions of the samba packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A vulnerability was discovered in Samba, where the flaw allows SMB clients to truncate files, even with read-only permissions when the Samba VFS...
Huawei EulerOS: Security Advisory for samba (EulerOS-SA-2023-3258)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
USN-6425-1: Samba vulnerabilities | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 22.04 Description Sri Nagasubramanian discovered that the Samba aclxattr VFS module incorrectly handled read-only files. When Samba is configured to ignore system ACLs, a remote attacker could possibly use this issue to...
CVE-2023-4154
A design flaw was found in Samba's DirSync control implementation, which exposes passwords and secrets in Active Directory to privileged users and Read-Only Domain Controllers RODCs. This flaw allows RODCs and users possessing the GETCHANGES right to access all attributes, including sensitive...
CVE-2023-4154
A design flaw was found in Samba's DirSync control implementation, which exposes passwords and secrets in Active Directory to privileged users and Read-Only Domain Controllers RODCs. This flaw allows RODCs and users possessing the GETCHANGES right to access all attributes, including sensitive...
ALPINE-CVE-2023-4154
A design flaw was found in Samba's DirSync control implementation, which exposes passwords and secrets in Active Directory to privileged users and Read-Only Domain Controllers RODCs. This flaw allows RODCs and users possessing the GETCHANGES right to access all attributes, including sensitive...
AZL-37026 CVE-2023-4154 affecting package samba 4.18.3-2
A design flaw was found in Samba's DirSync control implementation, which exposes passwords and secrets in Active Directory to privileged users and Read-Only Domain Controllers RODCs. This flaw allows RODCs and users possessing the GETCHANGES right to access all attributes, including sensitive...
CVE-2023-4154
A design flaw was found in Samba's DirSync control implementation, which exposes passwords and secrets in Active Directory to privileged users and Read-Only Domain Controllers RODCs. This flaw allows RODCs and users possessing the GETCHANGES right to access all attributes, including sensitive...
AZL-31955 CVE-2023-4154 affecting package samba 4.12.5-7
A design flaw was found in Samba's DirSync control implementation, which exposes passwords and secrets in Active Directory to privileged users and Read-Only Domain Controllers RODCs. This flaw allows RODCs and users possessing the GETCHANGES right to access all attributes, including sensitive...
DEBIAN-CVE-2023-4154
A design flaw was found in Samba's DirSync control implementation, which exposes passwords and secrets in Active Directory to privileged users and Read-Only Domain Controllers RODCs. This flaw allows RODCs and users possessing the GETCHANGES right to access all attributes, including sensitive...
Design/Logic Flaw
A design flaw was found in Samba's DirSync control implementation, which exposes passwords and secrets in Active Directory to privileged users and Read-Only Domain Controllers RODCs. This flaw allows RODCs and users possessing the GETCHANGES right to access all attributes, including sensitive...
CVE-2023-4154
Samba CVE-2023-4154 describes a DirSync control flaw that exposes domain passwords/secrets to privileged users and RODCs, allowing access to all attributes (including krbtgt) and potentially bypassing the RODC/DC boundary. Exploitation is indicated as network-exploitable with low privileges and n...
CVE-2023-4154
A design flaw was found in Samba's DirSync control implementation, which exposes passwords and secrets in Active Directory to privileged users and Read-Only Domain Controllers RODCs. This flaw allows RODCs and users possessing the GETCHANGES right to access all attributes, including sensitive...
The vulnerability of the DirSync synchronization mechanism in the Samba networking communication software package allows a intruder to gain unauthorized access to protected information and enhance their privileges.
The vulnerability of the DirSync synchronization mechanism in the Samba networking communication software package is related to insufficient protection of service data. Exploiting this vulnerability can allow an attacker operating remotely to gain unauthorized access to protected information and...
Privilege Escalation
samba is vulnerable to Privilege Escalation. A design flaw in the Samba DirSync control implementation that exposes passwords and secrets in Active Directory to privileged users and Read-Only Domain Controllers RODCs allows RODCs and users possessing the GETCHANGES right to access all attributes,...
SUSE CVE-2023-4154
A design flaw was found in Samba's DirSync control implementation, which exposes passwords and secrets in Active Directory to privileged users and Read-Only Domain Controllers RODCs. This flaw allows RODCs and users possessing the GETCHANGES right to access all attributes, including sensitive...
USN-6425-2: Samba regression
USN-6425-1 fixed vulnerabilities in Samba. Due to a build issue on Ubuntu 20.04 LTS, the update introduced regressions in macro handling and possibly other functionality. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Sri Nagasubramanian discovered...