The Samba-Bugzilla – Attachment 17812 Details for Bug 15276
CVE-2023-0225 [SECURITY] Unprivileged user can delete dNSHostName attribute
Advisory v4
CVE-2023-0225-dnsHostName-delete-v4.txt (text/plain), 2.14 KB, created by Andrew Bartlett on 2023-03-13 22:15:20 UTC
Description: Advisory v4
Filename: CVE-2023-0225-dnsHostName-delete-v4.txt
MIME Type: text/plain
Creator: Andrew Bartlett
Created: 2023-03-13 22:15:20 UTC
Size: 2.14 KB
===========================================================
== Subject:     Samba AD DC "dnsHostname" attribute can be
                deleted by unprivileged authenticated users.
==
== CVE ID#:     CVE-2023-0225
==
== Versions:    Samba 4.17.0 and later versions
==
== Summary:     An incomplete access check on dnsHostName allows
                authenticated but otherwise unprivileged users to
                delete this attribute from any object in the directory.
===========================================================

===========
Description
===========

In implementing the Validated dnsHostName permission check in Samba's
Active Directory DC, and therefore correctly applying constraints on
the values of the dnsHostName attribute of a computer in a Samba domain
(CVE-2022-32743), the case where the dnsHostName is deleted, rather
than modified or added, was incorrectly handled.

Therefore, in Samba 4.17.0 and later an LDAP attribute value deletion
of the dnsHostName attribute became possible for authenticated but
otherwise unprivileged users, for any object.

==================
Patch Availability
==================

Patches addressing this issue have been posted to:

   https://www.samba.org/samba/security/

Additionally, Samba $VERSIONS have been issued
as security releases to correct the defect. Samba administrators are
advised to upgrade to these releases or apply the patch as soon
as possible.

==================
CVSSv3 calculation
==================

CVSS3.1:AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L (5.4)

==========
Workaround
==========

The AD DC LDAP server is a critical component of the AD DC, and it
should not be disabled. However, it can be disabled by setting

   server services = -ldap

in the smb.conf and restarting Samba.

=======
Credits
=======

Originally reported by Lukas Mitter of codemanufaktur GmbH.

Patches provided by Joseph Sutton and Douglas Bagnall of Catalyst
and the Samba Team.

Advisory prepared by Andrew Bartlett of Catalyst and the Samba Team.

==========================================================
== Our Code, Our Bugs, Our Responsibility.
== The Samba Team
==========================================================
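The defect the Description names is an attribute access check that handles some LDAP modify flags (add, replace) but lets the remaining one (delete) fall through. The Python model below is an added example written for this page, not Samba's acl module code; the Caller and Element types, the flag names and the host-name rule it enforces are assumptions chosen to show the bug class beside a check that handles every flag explicitly.

```python
"""Model of the CVE-2023-0225 bug class: an incomplete per-flag access check.

Hypothetical model for illustration; not Samba's implementation. The rule a
validated dnsHostName write is assumed to enforce here is: the value must be
the caller's sAMAccountName (without the trailing '$') in the domain suffix.
"""
from dataclasses import dataclass

ADD, REPLACE, DELETE = "add", "replace", "delete"   # LDAP modify flags
DOMAIN_SUFFIX = "example.test"                      # constructed sample domain


@dataclass
class Element:
    attr: str        # attribute being modified, e.g. "dNSHostName"
    flag: str        # one of ADD, REPLACE, DELETE
    values: tuple    # new values; empty for a whole-attribute delete


@dataclass
class Caller:
    sam_account_name: str   # e.g. "host1$" for a machine account
    is_admin: bool = False  # stands in for full write rights on the object


def host_name_allowed(caller, value):
    """Constraint the validated write is assumed to place on a value."""
    short = caller.sam_account_name.rstrip("$").lower()
    return value.lower() == f"{short}.{DOMAIN_SUFFIX}"


def acl_check_vulnerable(caller, element):
    """Shape of the defect: only ADD and REPLACE reach the value rule."""
    if caller.is_admin or element.attr.lower() != "dnshostname":
        return True
    if element.flag in (ADD, REPLACE):
        return all(host_name_allowed(caller, v) for v in element.values)
    return True   # DELETE never hits the rule and is silently permitted


def acl_check_fixed(caller, element):
    """Every flag handled explicitly; anything not understood is denied."""
    if caller.is_admin or element.attr.lower() != "dnshostname":
        return True
    if element.flag == DELETE or not element.values:
        return False  # removal (including a REPLACE with no values) needs full rights
    if element.flag in (ADD, REPLACE):
        return all(host_name_allowed(caller, v) for v in element.values)
    return False      # default deny for an unknown flag
```

The fixed check also treats a replace carrying no values as a removal, since in LDAP that form deletes the attribute just as a delete element does.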
Flags: jsutton: review+