- Vulnerability/
- USN-6425-1
USN-6425-1: Samba vulnerabilities
First published: Tue Oct 10 2023(Updated: )
Sri Nagasubramanian discovered that the Samba acl_xattr VFS module incorrectly handled read-only files. When Samba is configured to ignore system ACLs, a remote attacker could possibly use this issue to truncate read-only files. (CVE-2023-4091) Andrew Bartlett discovered that Samba incorrectly handled the DirSync control. A remote attacker with an RODC DC account could possibly use this issue to obtain all domain secrets. (CVE-2023-4154) Andrew Bartlett discovered that Samba incorrectly handled the rpcecho development server. A remote attacker could possibly use this issue to cause Samba to stop responding, resulting in a denial of service. (CVE-2023-42669) Kirin van der Veer discovered that Samba incorrectly handled certain RPC service listeners. A remote attacker could possibly use this issue to cause Samba to start multiple incompatible RPC listeners, resulting in a denial of service. This issue only affected Ubuntu 22.04 LTS, and Ubuntu 23.04. (CVE-2023-42670)
| Affected Software | Affected Version | How to fix |
|---|---|---|
| All of | ||
| ubuntu/samba | <2:4.17.7+dfsg-1ubuntu2.3 | 2:4.17.7+dfsg-1ubuntu2.3 |
| =23.04 | ||
| All of | ||
| ubuntu/samba | <2:4.15.13+dfsg-0ubuntu1.5 | 2:4.15.13+dfsg-0ubuntu1.5 |
| =22.04 | ||
| All of | ||
| ubuntu/samba | <2:4.15.13+dfsg-0ubuntu0.20.04.6 | 2:4.15.13+dfsg-0ubuntu0.20.04.6 |
| =20.04 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://ubuntu.com/security/CVE-2023-4091
- https://ubuntu.com/security/CVE-2023-42670
- https://ubuntu.com/security/CVE-2023-42669
- https://ubuntu.com/security/CVE-2023-4154
- https://ubuntu.com/security/notices/USN-6425-3
- https://launchpad.net/ubuntu/+source/samba/2:4.17.7+dfsg-1ubuntu2.3
- https://launchpad.net/ubuntu/+source/samba/2:4.15.13+dfsg-0ubuntu1.5
- https://launchpad.net/ubuntu/+source/samba/2:4.15.13+dfsg-0ubuntu0.20.04.6
- https://ubuntu.com/security/notices/USN-6425-1 (Advisory)
Child vulnerabilities
(Contains the following vulnerabilities)
Frequently Asked Questions
What is the vulnerability ID for this Samba vulnerability?
The vulnerability ID for this Samba vulnerability is CVE-2023-4091.
What is the impact of this Samba vulnerability?
This Samba vulnerability could allow a remote attacker to truncate read-only files.
How does the Samba acl_xattr VFS module handle read-only files?
The Samba acl_xattr VFS module incorrectly handles read-only files.
Is there a fix available for this Samba vulnerability?
Yes, a fix is available for this Samba vulnerability. Please update to version 2:4.17.7+dfsg-1ubuntu2.3.
Where can I find more information about this Samba vulnerability?
More information about this Samba vulnerability can be found at the following references: [link1](https://ubuntu.com/security/CVE-2023-4091), [link2](https://ubuntu.com/security/CVE-2023-42670), [link3](https://ubuntu.com/security/CVE-2023-42669).
- agent/description
- agent/event
- agent/first-publish-date
- agent/last-modified-date
- agent/references
- agent/severity
- agent/softwarecombine
- agent/tags
- agent/title
- agent/type
- collector/usn
- source/Ubuntu
- anchor-related/USN-6425-3
- agent/software-canonical-lookup
- package-manager/ubuntu
- vendor/ubuntu
- canonical/ubuntu ubuntu
- version/ubuntu ubuntu/23.04
- version/ubuntu ubuntu/22.04
- version/ubuntu ubuntu/20.04