Bug 2182774 (CVE-2023-0922)
| Summary: | CVE-2023-0922 samba: AD DC admin tool samba-tool sends passwords in cleartext | | |
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | Pedro Sampaio <psampaio> |
| Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
| Status: | CLOSED NOTABUG | QA Contact: | |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | | |
| Version: | unspecified | CC: | abokovoy, anoopcs, asn, dkarpele, nobody, pfilipen, rhs-smb |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | | |
| Hardware: | All | | |
| OS: | Linux | | |
| Whiteboard: | | | |
| Fixed In Version: | samba 4.18.1, samba 4.17.7, samba 4.16.10 | Doc Type: | If docs needed, set a value |
| Doc Text: | A vulnerability was found in Samba. This security issue occurs in the Samba AD DC administration tool. When operating against a remote LDAP server, it will, by default, send new or reset passwords over a signed-only connection. | Story Points: | --- |
| Clone Of: | | Environment: | |
| Last Closed: | 2023-03-30 08:35:55 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | | Category: | --- |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | | | |
| Bug Depends On: | 2182775 | | |
| Bug Blocks: | 2182778 | | |

Description
Pedro Sampaio
2023-03-29 15:08:45 UTC
Created samba tracking bugs for this issue:

Affects: fedora-all [bug 2182775]

The samba package as shipped with Red Hat Enterprise Linux 6, 7, 8 and 9 and Red Hat Gluster is not affected by this issue as Red Hat doesn't provide the AD domain controller capability with it.

This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2023-0922