Detections
Analytics
Samba 4.x < 4.16.10 / 4.17.x < 4.17.7 / 4.18.x < 4.18.1 Multiple Vulnerabilities
medium Nessus Plugin ID 173912
Language:
Synopsis
The remote Samba server is potentially affected by multiple vulnerabilities.Description
The version of Samba running on the remote host is potentially affected by multiple vulnerabilities, as follows:- The fix in 4.6.16, 4.7.9, 4.8.4 and 4.9.7 for CVE-2018-10919 Confidential attribute disclosure via LDAP filters was insufficient and an attacker may be able to obtain confidential BitLocker recovery keys from a Samba AD DC. (CVE-2023-0614)
- The Samba AD DC administration tool, when operating against a remote LDAP server, will by default send new or reset passwords over a signed-only connection. (CVE-2023-0922)
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
Solution
Upgrade to Samba version 4.16.10, 4.17.7, or 4.18.1.See Also
https://www.samba.org/samba/history/security.html
Plugin Details
Severity: Medium
ID: 173912
File Name: samba_4_18_1.nasl
Version: 1.6
Type: remote
Family: Misc.
Published: 4/5/2023
Updated: 9/28/2023
Configuration: Enable paranoid mode
Supported Sensors: Nessus
Risk Information
VPR
Risk Factor: Low
Score: 3.6
CVSS v2
Risk Factor: Medium
Base Score: 6.8
Temporal Score: 5
Vector: CVSS2#AV:N/AC:L/Au:S/C:C/I:N/A:N
CVSS Score Source: CVE-2023-0614
CVSS v3
Risk Factor: Medium
Base Score: 6.5
Temporal Score: 5.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C
Vulnerability Information
CPE: cpe:/a:samba:samba
Required KB Items: Settings/ParanoidReport, SMB/samba, SMB/NativeLanManager
Exploit Ease: No known exploits are available
Patch Publication Date: 3/29/2023
Vulnerability Publication Date: 3/29/2023
Reference Information
CVE: CVE-2023-0614, CVE-2023-0922
IAVA: 2023-A-0167-S