Vulnerability CVE-2023-0614: Information

Description

The fix in 4.6.16, 4.7.9, 4.8.4 and 4.9.7 for CVE-2018-10919 Confidential attribute disclosure vi LDAP filters was insufficient and an attacker may be able to obtain confidential BitLocker recovery keys from a Samba AD DC.

Severity: MEDIUM (6.5) Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

URL: https://nvd.nist.gov/vuln/detail/CVE-2023-0614
Published: April 4, 2023
Modified: Nov. 7, 2023
Error type identifier: CWE-312

Fixed packages

Package name
Branch
Fixed in version
Version from repository
Errata ID
Task #
State
sambasisyphus4.17.7-alt14.20.1-alt2ALT-PU-2023-1808-1317734Fixed
sambasisyphus_e2k4.17.7-alt14.20.1-alt1ALT-PU-2023-3545-1-Fixed
sambasisyphus_riscv644.17.7-alt14.20.1-alt2ALT-PU-2023-3550-1-Fixed
sambap104.16.10-alt14.19.6-alt2ALT-PU-2023-1618-1317735Fixed
sambap10_e2k4.16.10-alt14.19.6-alt2ALT-PU-2023-3193-1-Fixed
sambac10f14.16.10-alt14.16.11-alt2ALT-PU-2023-1618-1317735Fixed
sambac9f24.16.11-alt0.c9.14.14.14-alt0.c9.1ALT-PU-2024-8329-1334763In work
sambap114.17.7-alt14.20.1-alt1ALT-PU-2023-1808-1317734Fixed

References to Advisories, Solutions, and Tools

Hyperlink
Resource
https://www.samba.org/samba/security/CVE-2023-0614.html
  • Vendor Advisory
https://security.netapp.com/advisory/ntap-20230406-0007/
  • Third Party Advisory
GLSA-202309-06
    FEDORA-2023-1c172e3264

        1. Configuration 1

          cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*
          Start including
          4.17.0
          End excliding
          4.17.7
          cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*
          Start including
          4.0.0
          End excliding
          4.16.10
          cpe:2.3:a:samba:samba:4.18.0:-:*:*:*:*:*:*
          cpe:2.3:a:samba:samba:4.18.0:rc1:*:*:*:*:*:*
          cpe:2.3:a:samba:samba:4.18.0:rc3:*:*:*:*:*:*
          cpe:2.3:a:samba:samba:4.18.0:rc4:*:*:*:*:*:*
          cpe:2.3:a:samba:samba:4.18.0:rc2:*:*:*:*:*:*
      VKontakte|Telegram|YouTube|Forum|GitHub|Bugzilla
      Version: v24.5.3
      Back to top