13485 2023-08-23 16:21:15 +0300 [CVE 21] samba 4.15.5 CVEs found 2023-10-20 11:49:44 +0300 1 1 2 ROSA-based products ROSA Fresh System (kernel, glibc, systemd, bash, PAM...) All All Linux RESOLVED DUPLICATE 13935 CVE-2021-20251, CVE-2021-20254, CVE-2021-20277, CVE-2021-23192, CVE-2022-44640, CVE-2023-0614, CVE-2023-34966, CVE-2023-34967, CVE-2023-34968, Normal normal --- 1 y.tumanov bugs e.kosachev m.novosyolov s.matveev v.potapov y.tumanov 2021.1 oldest_to_newest 68851 0 y.tumanov 2023-08-23 16:21:15 +0300 Please patch CVEs for package samba version 4.15.5 INFO (CVEs are): samba 4.15.5 cves found CVE-2021-20251 Desc: A flaw was found in samba. A race condition in the password lockout code may lead to the risk of brute force attacks being successful if special conditions are met. Link: https://nvd.nist.gov/vuln/detail/CVE-2021-20251 Severity: MEDIUM CVE-2021-20254 Desc: A flaw was found in samba. The Samba smbd file server must map Windows group identities (SIDs) into unix group ids (gids). The code that performs this had a flaw that could allow it to read data beyond the end of the array in the case where a negative cache entry had been added to the mapping cache. This could cause the calling code to return those values into the process token that stores the group membership for a user. The highest threat from this vulnerability is to data confidentiality and integrity. Link: https://nvd.nist.gov/vuln/detail/CVE-2021-20254 Severity: MEDIUM CVE-2021-20277 Desc: A flaw was found in Samba's libldb. Multiple, consecutive leading spaces in an LDAP attribute can lead to an out-of-bounds memory write, leading to a crash of the LDAP server process handling the request. The highest threat from this vulnerability is to system availability. Link: https://nvd.nist.gov/vuln/detail/CVE-2021-20277 Severity: HIGH CVE-2021-23192 Desc: A flaw was found in the way samba implemented DCE/RPC. If a client to a Samba server sent a very large DCE/RPC request, and chose to fragment it, an attacker could replace later fragments with their own data, bypassing the signature requirements. Link: https://nvd.nist.gov/vuln/detail/CVE-2021-23192 Severity: HIGH CVE-2022-44640 Desc: Heimdal before 7.7.1 allows remote attackers to execute arbitrary code because of an invalid free in the ASN.1 codec used by the Key Distribution Center (KDC). Link: https://nvd.nist.gov/vuln/detail/CVE-2022-44640 Severity: CRITICAL CVE-2023-0614 Desc: The fix in 4.6.16, 4.7.9, 4.8.4 and 4.9.7 for CVE-2018-10919 Confidential attribute disclosure vi LDAP filters was insufficient and an attacker may be able to obtain confidential BitLocker recovery keys from a Samba AD DC. Link: https://nvd.nist.gov/vuln/detail/CVE-2023-0614 Severity: MEDIUM CVE-2023-34966 Desc: An infinite loop vulnerability was found in Samba's mdssvc RPC service for Spotlight. When parsing Spotlight mdssvc RPC packets sent by the client, the core unmarshalling function sl_unpack_loop() did not validate a field in the network packet that contains the count of elements in an array-like structure. By passing 0 as the count value, the attacked function will run in an endless loop consuming 100% CPU. This flaw allows an attacker to issue a malformed RPC request, triggering an infinite loop, resulting in a denial of service condition. Link: https://nvd.nist.gov/vuln/detail/CVE-2023-34966 Severity: HIGH CVE-2023-34967 Desc: A Type Confusion vulnerability was found in Samba's mdssvc RPC service for Spotlight. When parsing Spotlight mdssvc RPC packets, one encoded data structure is a key-value style dictionary where the keys are character strings, and the values can be any of the supported types in the mdssvc protocol. Due to a lack of type checking in callers of the dalloc_value_for_key() function, which returns the object associated with a key, a caller may trigger a crash in talloc_get_size() when talloc detects that the passed-in pointer is not a valid talloc pointer. With an RPC worker process shared among multiple client connections, a malicious client or attacker can trigger a process crash in a shared RPC mdssvc worker process, affecting all other clients this worker serves. Link: https://nvd.nist.gov/vuln/detail/CVE-2023-34967 Severity: MEDIUM CVE-2023-34968 Desc: A path disclosure vulnerability was found in Samba. As part of the Spotlight protocol, Samba discloses the server-side absolute path of shares, files, and directories in the results for search queries. This flaw allows a malicious client or an attacker with a targeted RPC request to view the information that is part of the disclosed path. Link: https://nvd.nist.gov/vuln/detail/CVE-2023-34968 Severity: MEDIUM 70024 1 v.potapov 2023-10-20 11:49:44 +0300 *** This bug has been marked as a duplicate of bug 13935 ***