Björn Baumbach

**Name of the Vulnerable Software and Affected Versions** Samba versions 4.9 through 4.9.5 Samba versions 4.10.0 through 4.10.1 **Description** A vulnerability was found in Samba related to the creation of a new Samba AD DC. During this process, files are created in a private subdirectory of the install location with world-writable permissions, including a sample `krb5.conf` and the list of DNS names and `servicePrincipalName` values to update. This issue is associated with errors in access control. Exploitation of this vulnerability may allow an attacker to compromise data integrity and cause a denial of service. **Recommendations** For Samba versions 4.9 through 4.9.5, update to version 4.9.6 or later. For Samba versions 4.10.0 through 4.10.1, update to version 4.10.2 or later. As a temporary workaround, consider changing the permissions of the private subdirectory to mode 0700 to restrict access until a patch is applied. Restrict access to the world-writable files in the private directory to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Samba versions 4.0.0 and later **Description** The issue is related to the LDAP server in Samba, specifically when configured as an Active Directory domain controller. It incorrectly validates permissions to modify passwords over LDAP, allowing authenticated users to change any other users' passwords, including those of administrative users and privileged service accounts, such as Domain Controllers. This is due to deficiencies in the authorization mechanism. **Recommendations** For Samba versions 4.0.0 and later, consider restricting access to the LDAP server to minimize the risk of exploitation until a patch is available. As a temporary workaround, limit the ability of authenticated users to change passwords of other users. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Samba versions 4.0.x through 4.0.10 Samba versions 4.1.x through 4.1.0 **Description** The issue is related to insufficient cryptographic protection mechanisms in Samba, allowing local users to obtain sensitive information. When LDAP or HTTP is provided over SSL, Samba uses world-readable permissions for a private key, enabling access to the key file and potentially allowing attackers to obtain confidential data. **Recommendations** For Samba versions 4.0.x through 4.0.10, update to version 4.0.11 or later. For Samba versions 4.1.x through 4.1.0, update to version 4.1.1 or later.