The Samba-Bugzilla – Attachment 17772 Details for Bug 15315
CVE-2023-0922 [SECURITY] Samba AD DC admin tool samba-tool sends passwords in cleartext
Initial advisory without versions
CVE-2023-0922-unicodePwd-on-wire-v1.txt (text/plain), 2.35 KB, created by Andrew Bartlett on 2023-02-23 04:05:30 UTC
===========================================================
== Subject: Samba AD DC admin tool samba-tool sends passwords in cleartext
==
== CVE ID#: CVE-2023-0922
==
== Versions: All versions of Samba since 4.0
==
== Summary:
===========================================================

===========
Description
===========

Active Directory allows passwords to be set and changed over LDAP.
Microsoft's implementation imposes a restriction that this may only
happen over an encrypted connection, however Samba does not have this
restriction currently.

Samba's samba-tool client tool likewise has no restriction regarding
the security of the connection it will set a password over.

An attacker with access to observe the network traffic between
samba-tool and the Samba AD DC could observe new passwords if
samba-tool is connecting using a Kerberos secured connection against a
Samba AD DC.

This would happen when samba-tool is being used to reset a user's
password, or when adding a new user.

This patch changes all Samba LDAP client connections to use
encryption, as well as integrity protection, by default, by changing
the default value of "client ldap sasl wrapping" to "seal" in Samba's
smb.conf.

Administrators should confirm this value has not been overridden in
their local smb.conf to obtain the benefit of this change.

==================
Patch Availability
==================

Patches addressing both these issues have been posted to:

    https://www.samba.org/samba/security/

Additionally, Samba $VERSIONS have been issued
as security releases to correct the defect. Samba administrators are
advised to upgrade to these releases or apply the patch as soon
as possible.

==================
CVSSv3 calculation
==================

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:N (5.9)

==========
Workaround
==========

Set "client ldap sasl wrapping = seal" in the smb.conf or add the
--option=clientldapsaslwrapping=sign option to any samba-tool or
ldbmodify invocation that sets a password.

=======
Credits
=======

Originally reported by Andrew Bartlett of Catalyst and the Samba Team working with Rob van der Linde of Catalyst.

Patches provided by Rob van der Linde of Catalyst.

==========================================================
== Our Code, Our Bugs, Our Responsibility.
== The Samba Team
==========================================================
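A check for the override the advisory asks administrators to confirm, as an added example that is not part of the attachment or of Samba's own code: it parses an smb.conf body, resolves "client ldap sasl wrapping" the way Samba matches parameter names (case and whitespace are ignored, which is why the --option=clientldapsaslwrapping=... spelling works), and reports whether the effective value is "seal", the only value that encrypts rather than merely integrity-protects the connection carrying the password. It assumes an INI-style smb.conf with a [global] section and a fixed default of "seal".

```python
"""Check whether smb.conf overrides 'client ldap sasl wrapping' to something
weaker than 'seal', the default the CVE-2023-0922 fix introduces. Hypothetical
checker, not Samba code; assumes INI-style smb.conf and Samba's name matching."""
import re

PARAM = "clientldapsaslwrapping"  # Samba ignores case and whitespace in names
# plain = no protection, sign = integrity only, seal = integrity + encryption;
# only seal keeps a password set over LDAP off the wire in cleartext.
STRENGTH = {"plain": 0, "sign": 1, "seal": 2}
FIXED_DEFAULT = "seal"

def normalize(name: str) -> str:
    """Samba-style parameter name: lowercase with all whitespace removed."""
    return re.sub(r"\s+", "", name).lower()

def parse_smb_conf(text: str) -> dict:
    """Return {section: {normalized_param: value}} for an smb.conf body."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in ";#":
            continue                      # blank line or comment
        m = re.match(r"\[(.+)\]$", line)
        if m:                             # [section] header
            current = m.group(1).strip().lower()
            sections.setdefault(current, {})
            continue
        if current is None or "=" not in line:
            continue                      # not a 'name = value' line
        key, _, value = line.partition("=")
        sections[current][normalize(key)] = value.strip().lower()
    return sections

def effective_wrapping(text: str, default: str = FIXED_DEFAULT) -> str:
    """Value Samba would use: an explicit [global] setting, else the default."""
    return parse_smb_conf(text).get("global", {}).get(PARAM, default)

def audit(text: str) -> tuple:
    """Return (effective value, True if LDAP password writes are encrypted)."""
    value = effective_wrapping(text)
    return value, STRENGTH.get(value, -1) >= STRENGTH["seal"]

# Constructed sample: an override left in [global] undoes the fixed default.
SAMPLE = """[global]
   workgroup = EXAMPLE
   Client LDAP SASL Wrapping = sign
"""

if __name__ == "__main__":
    print(audit(SAMPLE))  # ('sign', False): integrity only, password visible
```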
Flags: jsutton: review+