Bug 903621 (CVE-2023-0225, CVE-2023-0614, CVE-2023-0922)

Summary:	<net-fs/samba-{4.16.10, 4.17.8, 4.18.3}: multiple vulnerabilities
Product:	Gentoo Security	Reporter:	John Helmert III <ajak>
Component:	Vulnerabilities	Assignee:	Gentoo Security <security>
Status:	RESOLVED FIXED
Severity:	minor	CC:	ole+gentoo, samba
Priority:	Normal
Version:	unspecified
Hardware:	All
OS:	Linux
URL:	https://lists.samba.org/archive/samba-announce/2023/000633.html
Whiteboard:	B4 [stable+]
Package list:		Runtime testing required:	---
Bug Depends on:	906104, 907829, 908275
Bug Blocks:

Description John Helmert III archtester

2023-03-31 04:14:38 UTC

"This are security releases in order to address the following defects:

o CVE-2023-0225: An incomplete access check on dnsHostName allows
authenticated
                 but otherwise unprivileged users to delete this attribute
from
                 any object in the directory.
https://www.samba.org/samba/security/CVE-2023-0225.html

o CVE-2023-0922: The Samba AD DC administration tool, when operating against a
                 remote LDAP server, will by default send new or reset
                 passwords over a signed-only connection.
https://www.samba.org/samba/security/CVE-2023-0922.html

o CVE-2023-0614: The fix in 4.6.16, 4.7.9, 4.8.4 and 4.9.7 for CVE-2018-10919
                 Confidential attribute disclosure via LDAP filters was
                 insufficient and an attacker may be able to obtain
                 confidential BitLocker recovery keys from a Samba AD DC.
                 Installations with such secrets in their Samba AD should
                 assume they have been obtained and need replacing.
https://www.samba.org/samba/security/CVE-2023-0614.html"

Comment 1 Adrian Bassett 2023-05-06 15:33:30 UTC

These CVEs appear to have been fixed in 4.18.1, released 29th March, see https://www.samba.org/samba/history/

However, more recent is 4.18.2 which was released Apr 19, 2023;  release notes at https://www.samba.org/samba/history/samba-4.18.2.html

Comment 2 Krzysztof Olędzki 2023-05-16 04:44:51 UTC

In addition to bumping 4.17 (to 4.17.8) - https://bugs.gentoo.org/906104 and presumably 4.18 (to 4.18.2) and 4.16 (to 4.16.10) we may also want to drop 4.15 given it is marked as EOL per https://wiki.samba.org/index.php/Samba_Release_Planning

Comment 3 Larry the Git Cow gentoo-dev

2023-09-17 05:56:57 UTC

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/glsa.git/commit/?id=5bfe8198b2352fa0ac46dbc59d078650dc544a7e

commit 5bfe8198b2352fa0ac46dbc59d078650dc544a7e
Author:     GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2023-09-17 05:56:23 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2023-09-17 05:56:46 +0000

    [ GLSA 202309-06 ] Samba: Multiple Vulnerabilities
    
    Bug: https://bugs.gentoo.org/820566
    Bug: https://bugs.gentoo.org/821688
    Bug: https://bugs.gentoo.org/830983
    Bug: https://bugs.gentoo.org/832433
    Bug: https://bugs.gentoo.org/861512
    Bug: https://bugs.gentoo.org/866225
    Bug: https://bugs.gentoo.org/869122
    Bug: https://bugs.gentoo.org/878273
    Bug: https://bugs.gentoo.org/880437
    Bug: https://bugs.gentoo.org/886153
    Bug: https://bugs.gentoo.org/903621
    Bug: https://bugs.gentoo.org/905320
    Bug: https://bugs.gentoo.org/910334
    Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
    Signed-off-by: Sam James <sam@gentoo.org>

 glsa-202309-06.xml | 86 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 86 insertions(+)