First published: Tue Oct 03 2023(Updated: )
A design flaw was found in Samba's DirSync control implementation, which exposes passwords and secrets in Active Directory to privileged users and Read-Only Domain Controllers (RODCs). This flaw allows RODCs and users possessing the GET_CHANGES right to access all attributes, including sensitive secrets and passwords. Even in a default setup, RODC DC accounts, which should only replicate some passwords, can gain access to all domain secrets, including the vital krbtgt, effectively eliminating the RODC / DC distinction. Furthermore, the vulnerability fails to account for error conditions (fail open), like out-of-memory situations, potentially granting access to secret attributes, even under low-privileged attacker influence.
Credit: secalert@redhat.com secalert@redhat.com
Affected Software | Affected Version | How to fix |
---|---|---|
redhat/samba | <4.19.1 | 4.19.1 |
redhat/samba | <4.18.8 | 4.18.8 |
redhat/samba | <4.17.12 | 4.17.12 |
Samba Samba | >=4.0.0<4.17.12 | |
Samba Samba | >=4.18.0<4.18.8 | |
Samba Samba | >=4.19.0<4.19.1 | |
ubuntu/samba | <2:4.15.13+dfsg-0ubuntu0.20.04.6 | 2:4.15.13+dfsg-0ubuntu0.20.04.6 |
ubuntu/samba | <2:4.15.13+dfsg-0ubuntu1.5 | 2:4.15.13+dfsg-0ubuntu1.5 |
ubuntu/samba | <2:4.17.7+dfsg-1ubuntu2.3 | 2:4.17.7+dfsg-1ubuntu2.3 |
ubuntu/samba | <2:4.18.6+dfsg-1ubuntu2.1 | 2:4.18.6+dfsg-1ubuntu2.1 |
ubuntu/samba | <2:4.18.6+dfsg-1ubuntu2.1 | 2:4.18.6+dfsg-1ubuntu2.1 |
debian/samba | <=2:4.13.13+dfsg-1~deb11u6 | 2:4.17.12+dfsg-0+deb12u1 2:4.21.0~rc1+really4.20.3+dfsg-1 2:4.21.0~rc1+really4.20.4+dfsg-1 |
>=4.0.0<4.17.12 | ||
>=4.18.0<4.18.8 | ||
>=4.19.0<4.19.1 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2023-4154 is a vulnerability that allows privileged users and RODCs to expose the Samba AD DC password.
CVE-2023-4154 is considered a severe vulnerability.
Samba versions 2:4.15.13+dfsg-0ubuntu0.20.04.6, 2:4.15.13+dfsg-0ubuntu1.5, and 2:4.17.7+dfsg-1ubuntu2.3 are affected by CVE-2023-4154.
To fix CVE-2023-4154, update Samba to version 2:4.15.13+dfsg-0ubuntu0.20.04.6, 2:4.15.13+dfsg-0ubuntu1.5, or 2:4.17.7+dfsg-1ubuntu2.3.
You can find more information about CVE-2023-4154 at the following references: [MITRE](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4154), [Samba](https://www.samba.org/samba/security/CVE-2023-4154.html), [Ubuntu Security Notices](https://ubuntu.com/security/notices/USN-6425-1).