PT-2023-2255 · Samba+4 · Samba+4

Lukas Mitter

Published

2023-03-29

Updated

2024-09-23

CVE-2023-0225

CVSS v2.0

5.5

Medium

Vector

AV:N/AC:L/Au:S/C:N/I:P/A:P

Name of the Vulnerable Software and Affected Versions Samba (affected versions not specified)

Description A flaw was found in Samba, related to an incomplete access check on dnsHostName, allowing authenticated but otherwise unprivileged users to delete this attribute from any object in the directory. This issue is associated with incorrect permission assignment for a critical resource, which can be exploited by an attacker to delete the dnsHostName attribute from any object in the directory.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Incorrect Permission

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-732

Related Identifiers

ALT-PU-2023-1808

ALT-PU-2023-7794

ALT-PU-2024-12484

AZL-43621

AZL-45378

BDU:2023-02013

CVE-2023-0225

ECHO-C3EA-A3B3-43D9

MGASA-2023-0127

OESA-2023-1233

OPENSUSE-SU-2024:12831-1

SUSE-SU-2023:1687-1

SUSE-SU-2023:1689-1

Affected Products

Alt Linux

Astra Linux

Debian

Samba

Suse

PT-2023-2255 · Samba+4 · Samba+4

CVE-2023-0225

Weakness Enumeration

Related Identifiers

Affected Products

References · 49