medium
5.3
CWE
843
Advisory Published
CVE Published
CVE Published
Updated

CVE-2023-34967: Samba: type confusion in mdssvc rpc service for spotlight

First published: Thu Jul 13 2023(Updated: )

A Type Confusion vulnerability was found in Samba's mdssvc RPC service for Spotlight. When parsing Spotlight mdssvc RPC packets, one encoded data structure is a key-value style dictionary where the keys are character strings, and the values can be any of the supported types in the mdssvc protocol. Due to a lack of type checking in callers of the dalloc_value_for_key() function, which returns the object associated with a key, a caller may trigger a crash in talloc_get_size() when talloc detects that the passed-in pointer is not a valid talloc pointer. With an RPC worker process shared among multiple client connections, a malicious client or attacker can trigger a process crash in a shared RPC mdssvc worker process, affecting all other clients this worker serves.

Credit: secalert@redhat.com secalert@redhat.com secalert@redhat.com

Affected SoftwareAffected VersionHow to fix
redhat/samba<4.16.11
4.16.11
redhat/samba<4.17.10
4.17.10
redhat/samba<4.18.5
4.18.5
ubuntu/samba<2:4.15.13+dfsg-0ubuntu0.20.04.3
2:4.15.13+dfsg-0ubuntu0.20.04.3
ubuntu/samba<2:4.15.13+dfsg-0ubuntu1.2
2:4.15.13+dfsg-0ubuntu1.2
ubuntu/samba<2:4.16.8+dfsg-0ubuntu1.2
2:4.16.8+dfsg-0ubuntu1.2
ubuntu/samba<2:4.17.7+dfsg-1ubuntu1.1
2:4.17.7+dfsg-1ubuntu1.1
ubuntu/samba<2:4.18.5+dfsg-1ubuntu1
2:4.18.5+dfsg-1ubuntu1
<4.16.11
>=4.17.0<4.17.10
>=4.18.0<4.18.5
=37
=38
=8.0
=9.0
=11.0
=12.0
Samba Samba<4.16.11
Samba Samba>=4.17.0<4.17.10
Samba Samba>=4.18.0<4.18.5
Fedoraproject Fedora=38
Redhat Enterprise Linux=8.0
Redhat Enterprise Linux=9.0
debian/samba<=2:4.9.5+dfsg-5+deb10u3<=2:4.9.5+dfsg-5+deb10u4<=2:4.13.13+dfsg-1~deb11u5
2:4.17.12+dfsg-0+deb12u1
2:4.19.3+dfsg-2

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Reference Links

Parent vulnerabilities

(Appears in the following advisories)

Frequently Asked Questions

  • What is CVE-2023-34967?

    CVE-2023-34967 is a Type Confusion vulnerability found in Samba's mdssvc RPC service for Spotlight.

  • How severe is CVE-2023-34967?

    CVE-2023-34967 has a severity rating of 5.3 (medium).

  • What software is affected by CVE-2023-34967?

    The software affected by CVE-2023-34967 includes Samba versions 2:4.15.13+dfsg-0ubuntu0.20.04.3, 2:4.15.13+dfsg-0ubuntu1.2, 2:4.16.8+dfsg-0ubuntu1.2, 2:4.17.7+dfsg-1ubuntu1.1, 4.16.11, 4.17.10, 4.18.5, and possibly others.

  • How can I fix CVE-2023-34967?

    To fix CVE-2023-34967, it is recommended to update to the patched versions of Samba, such as 2:4.17.10+dfsg-0+deb12u1 or 2:4.19.0+dfsg-1.

  • Where can I find more information about CVE-2023-34967?

    For more information about CVE-2023-34967, you can visit the following references: [Red Hat](https://access.redhat.com/security/cve/CVE-2023-34967), [Samba](https://www.samba.org/samba/security/CVE-2023-34967.html), [Bugzilla](https://bugzilla.redhat.com/show_bug.cgi?id=2222794).

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203