CVE-2023-0225
First published: Mon Apr 03 2023(Updated: )
A flaw was found in Samba. An incomplete access check on dnsHostName allows authenticated but otherwise unprivileged users to delete this attribute from any object in the directory.
Credit: secalert@redhat.com secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Samba Samba | >=4.17.0<4.17.7 | |
| Samba Samba | =4.18.0 | |
| Samba Samba | =4.18.0-rc1 | |
| Samba Samba | =4.18.0-rc2 | |
| Samba Samba | =4.18.0-rc3 | |
| Samba Samba | =4.18.0-rc4 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2023-0225?
CVE-2023-0225 is a vulnerability found in Samba that allows authenticated but otherwise unprivileged users to delete the dnsHostName attribute from any object in the directory.
How does CVE-2023-0225 affect Samba?
CVE-2023-0225 affects Samba versions 4.17.0 to 4.17.7, as well as Samba version 4.18.0.
What is the severity of CVE-2023-0225?
CVE-2023-0225 has a severity rating of medium (4.3).
How can I fix CVE-2023-0225?
To fix CVE-2023-0225, update Samba to a version that is not affected by this vulnerability.
Where can I find more information about CVE-2023-0225?
You can find more information about CVE-2023-0225 at the following references: [link1], [link2], [link3].
- agent/author
- agent/description
- agent/event
- agent/first-publish-date
- agent/last-modified-date
- agent/references
- agent/severity
- agent/softwarecombine
- agent/tags
- agent/type
- agent/weakness
- collector/nvd-api
- collector/nvd-index
- vendor/samba
- canonical/samba samba
- version/samba samba/4.17.0
- version/samba samba/4.18.0
- version/samba samba/4.18.0-rc1
- version/samba samba/4.18.0-rc2
- version/samba samba/4.18.0-rc3
- version/samba samba/4.18.0-rc4