Back to bug 2222792
| Who | When | What | Removed | Added |
|---|---|---|---|---|
| TEJ RATHI | 2023-07-13 18:08:09 UTC | CC | security-response-team | |
| TEJ RATHI | 2023-07-13 18:11:11 UTC | CC | abokovoy, anoopcs, asn, dkarpele, nobody, pfilipen, sbose | |
| TEJ RATHI | 2023-07-13 18:13:19 UTC | Blocks | 2216374 | |
| TEJ RATHI | 2023-07-14 11:42:02 UTC | Depends On | 2222896, 2222894, 2222895 | |
| TEJ RATHI | 2023-07-17 14:35:04 UTC | Deadline | 2023-07-19 | |
| TEJ RATHI | 2023-07-18 05:56:48 UTC | Depends On | 2223515, 2223516 | |
| TEJ RATHI | 2023-07-19 14:52:30 UTC | Fixed In Version | samba 4.17.10, samba 4.18.5 | |
| TEJ RATHI | 2023-07-20 09:23:00 UTC | Group | security, qe_staff | |
| Deadline | 2023-07-19 | |||
| Summary | EMBARGOED CVE-2023-3347 samba: SMB2 packet signing is not enforced when "server signing = required" is set | CVE-2023-3347 samba: SMB2 packet signing is not enforced when "server signing = required" is set | ||
| CC | rhs-smb | |||
| TEJ RATHI | 2023-07-20 09:33:13 UTC | Depends On | 2224255 | |
| TEJ RATHI | 2023-07-20 10:34:30 UTC | Doc Text | A vulnerability was discovered in Samba's SMB2 packet signing mechanism. The SMB2 packet signing is not enforced if an admin configured "server signing = required" or for SMB2 connections to Domain Controllers where SMB2 packet signing is mandatory. An attacker could exploit this vulnerability with certain types of attacks, such as man-in-the-middle attack, by intercepting the network traffic and modifying the SMB2 messages between client and server, affecting the integrity of the data. | |
| RaTasha Tillery-Smith | 2023-07-20 13:36:07 UTC | Doc Text | A vulnerability was discovered in Samba's SMB2 packet signing mechanism. The SMB2 packet signing is not enforced if an admin configured "server signing = required" or for SMB2 connections to Domain Controllers where SMB2 packet signing is mandatory. An attacker could exploit this vulnerability with certain types of attacks, such as man-in-the-middle attack, by intercepting the network traffic and modifying the SMB2 messages between client and server, affecting the integrity of the data. | A vulnerability was found in Samba's SMB2 packet signing mechanism. The SMB2 packet signing is not enforced if an admin configured "server signing = required" or for SMB2 connections to Domain Controllers where SMB2 packet signing is mandatory. This flaw allows an attacker to perform attacks, such as a man-in-the-middle attack, by intercepting the network traffic and modifying the SMB2 messages between client and server, affecting the integrity of the data. |
| errata-xmlrpc | 2023-07-31 08:53:17 UTC | Link ID | Red Hat Product Errata RHSA-2023:4325 | |
| errata-xmlrpc | 2023-07-31 09:30:21 UTC | Link ID | Red Hat Product Errata RHSA-2023:4328 |
Back to bug 2222792