PT-2023-9375 · Samba+9 · Samba+9

Ralph Boehme

Published

2023-07-13

Updated

2024-12-06

CVE-2023-34968

CVSS v3.1

5.3

Medium

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions Samba (affected versions not specified)

Description A path disclosure issue was found in Samba, related to the Spotlight protocol. This issue causes Samba to disclose the server-side absolute path of shares, files, and directories in search query results. A malicious client or an attacker with a targeted RPC request can exploit this flaw to view the disclosed path information.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-200CWE-201

Related Identifiers

ALSA-2023:6667

ALSA-2023:7139

ALT-PU-2023-4520

ALT-PU-2023-4522

ALT-PU-2023-4523

ALT-PU-2023-7794

ALT-PU-2024-12484

ALT-PU-2024-14683

AZL-27662

AZL-37023

BDU:2024-06935

CESA-2023_7139

CVE-2023-34968

DSA-5477-1

DSA-5647-1

ECHO-5A18-2CA7-803E

MGASA-2023-0247

OPENSUSE-SU-2024:13071-1

RHSA-2023:6667

RHSA-2023:7139

RHSA-2023_6667

RHSA-2023_7139

RHSA-2024:0423

RHSA-2024:0580

SUSE-SU-2023:2888-1

SUSE-SU-2023:2929-1

SUSE-SU-2023:2930-1

SUSE-SU-2023:3060-1

SUSE-SU-2023:3066-1

SUSE-SU-2023_2929-1

SUSE-SU-2023_2930-1

SUSE-SU-2023_3060-1

USN-6238-1

Affected Products

Alt Linux

Almalinux

Astra Linux

Centos

Linuxmint

Red Hat

Red Os

Samba

Suse

Ubuntu

PT-2023-9375 · Samba+9 · Samba+9

CVE-2023-34968

Weakness Enumeration

Related Identifiers

Affected Products

References · 90