- Vulnerability/
- USN-6238-1
USN-6238-1: Samba vulnerabilities
First published: Wed Jul 19 2023(Updated: )
It was discovered that Samba incorrectly handled Winbind NTLM authentication responses. An attacker could possibly use this issue to cause Samba to crash, resulting in a denial of service. (CVE-2022-2127) Andreas Schneider discovered that Samba incorrectly enforced SMB2 packet signing. A remote attacker could possibly use this issue to obtain or modify sensitive information. This issue only affected Ubuntu 23.04. (CVE-2023-3347) Florent Saudel and Arnaud Gatignolof discovered that Samba incorrectly handled certain Spotlight requests. A remote attacker could possibly use this issue to cause Samba to consume resources, leading to a denial of service. (CVE-2023-34966, CVE-2023-34967) Ralph Boehme and Stefan Metzmacher discovered that Samba incorrectly handled paths returned by Spotlight requests. A remote attacker could possibly use this issue to obtain sensitive information. (CVE-2023-34968)
| Affected Software | Affected Version | How to fix |
|---|---|---|
| All of | ||
| ubuntu/samba | <2:4.17.7+dfsg-1ubuntu1.1 | 2:4.17.7+dfsg-1ubuntu1.1 |
| Ubuntu Ubuntu | =23.04 | |
| All of | ||
| ubuntu/samba | <2:4.16.8+dfsg-0ubuntu1.2 | 2:4.16.8+dfsg-0ubuntu1.2 |
| Ubuntu Ubuntu | =22.10 | |
| All of | ||
| ubuntu/samba | <2:4.15.13+dfsg-0ubuntu1.2 | 2:4.15.13+dfsg-0ubuntu1.2 |
| Ubuntu Ubuntu | =22.04 | |
| All of | ||
| ubuntu/samba | <2:4.15.13+dfsg-0ubuntu0.20.04.3 | 2:4.15.13+dfsg-0ubuntu0.20.04.3 |
| Ubuntu Ubuntu | =20.04 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://ubuntu.com/security/CVE-2023-3347
- https://ubuntu.com/security/CVE-2023-34967
- https://ubuntu.com/security/CVE-2023-34968
- https://ubuntu.com/security/CVE-2023-34966
- https://ubuntu.com/security/CVE-2022-2127
- https://launchpad.net/ubuntu/+source/samba/2:4.17.7+dfsg-1ubuntu1.1
- https://launchpad.net/ubuntu/+source/samba/2:4.16.8+dfsg-0ubuntu1.2
- https://launchpad.net/ubuntu/+source/samba/2:4.15.13+dfsg-0ubuntu1.2
- https://launchpad.net/ubuntu/+source/samba/2:4.15.13+dfsg-0ubuntu0.20.04.3
- https://ubuntu.com/security/notices/USN-6238-1 (Advisory)
Child vulnerabilities
(Contains the following vulnerabilities)
Frequently Asked Questions
What is the vulnerability ID for the Samba vulnerabilities?
The vulnerability ID for the Samba vulnerabilities is USN-6238-1.
What is the impact of CVE-2022-2127?
CVE-2022-2127 can cause Samba to crash, resulting in a denial of service.
Who discovered the Samba vulnerabilities?
The Samba vulnerabilities were discovered by Andreas Schneider.
What is the remedy version for Samba on Ubuntu 23.04?
The remedy version for Samba on Ubuntu 23.04 is 2:4.17.7+dfsg-1ubuntu1.1.
Where can I find more information about the Samba vulnerabilities?
You can find more information about the Samba vulnerabilities at the following references: [CVE-2023-3347](https://ubuntu.com/security/CVE-2023-3347), [CVE-2023-34967](https://ubuntu.com/security/CVE-2023-34967), [CVE-2023-34968](https://ubuntu.com/security/CVE-2023-34968).
- collector/usn
- agent/references
- agent/title
- agent/severity
- agent/description
- agent/type
- agent/tags
- agent/event
- agent/softwarecombine
- agent/last-modified-date
- agent/first-publish-date
- package-manager/ubuntu
- vendor/ubuntu
- canonical/ubuntu ubuntu
- version/ubuntu ubuntu/23.04
- version/ubuntu ubuntu/22.10
- version/ubuntu ubuntu/22.04
- version/ubuntu ubuntu/20.04