PT-2023-2254 · Samba+6

Demi Marie Obenour · Published 2023-03-29 · Updated 2025-02-13 · CVE-2023-0614

CVSS v3.1: 7.7 (High)

Vector: AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Samba versions prior to 4.6.16
Samba versions prior to 4.7.9
Samba versions prior to 4.8.4
Samba versions prior to 4.9.7

Description

The issue is related to insufficient protection of service data, which may allow a remote attacker to disclose protected information. Specifically, an attacker may be able to obtain confidential BitLocker recovery keys from a Samba AD DC due to a problem with LDAP filters.

Recommendations

For versions prior to 4.6.16, update to version 4.6.16 or later.
For versions prior to 4.7.9, update to version 4.7.9 or later.
For versions prior to 4.8.4, update to version 4.8.4 or later.
For versions prior to 4.9.7, update to version 4.9.7 or later.

Fix

Cleartext Storage of Sensitive Information

Information Disclosure

Weakness Enumeration

Related Identifiers

ALT-PU-2023-1618
ALT-PU-2023-1808
ALT-PU-2023-7794
ALT-PU-2024-12484
ALT-PU-2024-14683
AZL-26697
AZL-37019
BDU:2023-02012
CVE-2023-0614
MGASA-2023-0127
OESA-2023-1220
OESA-2023-1221
OPENSUSE-SU-2024:12830-1
OPENSUSE-SU-2024:12831-1
SUSE-SU-2023:1687-1
SUSE-SU-2023:1689-1
USN-5992-1
USN-5993-1

Affected Products

Alt Linux
Astra Linux
Debian
Linuxmint
Samba
Suse
Ubuntu