Detections
Analytics

Ubuntu 20.04 LTS / 22.04 LTS : ldb vulnerability (USN-5992-1)

medium Nessus Plugin ID 173795

Language:

Synopsis

The remote Ubuntu host is missing a security update.

Description

The remote Ubuntu 20.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-5992-1 advisory.

 - In Active Directory, there are essentially four different classes of attributes. - Secret attributes (such as a user, computer or domain trust password) that are never disclosed and are not available to search against over LDAP. This is a hard-coded list, and since Samba 4.8 these are additionally encrypted in the DB with a per-DB key. - Confidential attributes (marked as such in the schema) that have a default access restriction allowing access only to the owner of the object. While a Samba AD Domain makes these attributes available, thankfully by default it will not have any of these confidential attributes set, as they are only added by clients after configuration (typically via a GPO). Examples of confidential data stored in Active Directory include BitLocker recovery keys, TPM owner passwords, and certificate secret keys stored with Credential Roaming. - Access controlled attributes (for reads or writes), Samba will honour the access control specified in the ntSecurityDescriptor. - Public attributes for read. Most attributes in Active Directory are available to read by all authenticated users. Because the access control rules for a given attribute are not consistent between objects, Samba implemented access control restrictions only after matching objects against the filter. Taking each of the above classes in turn: - Secret attributes are prevented from disclosure firstly by redaction of the LDAP filter, and secondly by the fact that they are still encrypted during filter processing (by default). - Confidential and access controlled attributes were subject to an attack using LDAP filters. With this security patch, for attributes mentioned in the search filter, Samba will perform a per-object access control evaluation before LDAP filter matching on the attribute, preventing unauthorised disclosure of the value of (for example) BitLocker recovery keys. It is not expected that all similar attacks have been prevented, and it is likely still possible to determine if an object or attribute on an object is present, but not to obtain the contents. (CVE-2023-0614)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

See Also

https://ubuntu.com/security/notices/USN-5992-1

Plugin Details

Severity: Medium

ID: 173795

File Name: ubuntu_USN-5992-1.nasl

Version: 1.4

Type: local

Agent: unix

Published: 4/3/2023

Updated: 10/20/2023

Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.6

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 5

Vector: CVSS2#AV:N/AC:L/Au:S/C:C/I:N/A:N

CVSS Score Source: CVE-2023-0614

CVSS v3

Risk Factor: Medium

Base Score: 6.5

Temporal Score: 5.7

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/o:canonical:ubuntu_linux:22.04:-:lts, p-cpe:/a:canonical:ubuntu_linux:libldb-dev, p-cpe:/a:canonical:ubuntu_linux:python3-ldb, p-cpe:/a:canonical:ubuntu_linux:libldb2, p-cpe:/a:canonical:ubuntu_linux:ldb-tools, p-cpe:/a:canonical:ubuntu_linux:python3-ldb-dev, cpe:/o:canonical:ubuntu_linux:20.04:-:lts

Required KB Items: Host/cpu, Host/Debian/dpkg-l, Host/Ubuntu, Host/Ubuntu/release

Exploit Ease: No known exploits are available

Patch Publication Date: 4/3/2023

Vulnerability Publication Date: 3/29/2023

Reference Information

CVE: CVE-2023-0614

USN: 5992-1