PT-2023-2254 · Samba+6

Demi Marie Obenour · Published 2023-03-29 · Updated 2025-02-13 · CVE-2023-0614

CVSS v3.1: 7.7 (High)

Vector: AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Samba versions prior to 4.6.16
Samba versions prior to 4.7.9
Samba versions prior to 4.8.4
Samba versions prior to 4.9.7

Description

The issue is related to insufficient protection of service data, which may allow a remote attacker to disclose protected information. Specifically, an attacker may be able to obtain confidential BitLocker recovery keys from a Samba AD DC due to a problem with LDAP filters.

Recommendations

For versions prior to 4.6.16, update to version 4.6.16 or later.
For versions prior to 4.7.9, update to version 4.7.9 or later.
For versions prior to 4.8.4, update to version 4.8.4 or later.
For versions prior to 4.9.7, update to version 4.9.7 or later.

Fix

Information Disclosure

Cleartext Storage of Sensitive Information

Weakness Enumeration

Related identifiers

ALT-PU-2023-1618
ALT-PU-2023-1808
ALT-PU-2023-7794
ALT-PU-2024-12484
ALT-PU-2024-14683
AZL-26697
AZL-37019
BDU:2023-02012
CVE-2023-0614
ECHO-E514-9869-08FF
MGASA-2023-0127
OESA-2023-1220
OESA-2023-1221
OPENSUSE-SU-2024:12830-1
OPENSUSE-SU-2024:12831-1
SUSE-SU-2023:1687-1
SUSE-SU-2023:1689-1
USN-5992-1
USN-5993-1

Affected products

Alt Linux
Astra Linux
Debian
Linux Mint
Samba
SUSE
Ubuntu