Bug 2182776 (CVE-2023-0614)
| Summary: | CVE-2023-0614 samba: Access controlled AD LDAP attributes can be discovered | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | Pedro Sampaio <psampaio> |
| Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
| Status: | CLOSED NOTABUG | QA Contact: | |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | unspecified | CC: | abokovoy, anoopcs, asn, dkarpele, nobody, pfilipen, rhs-smb |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | samba 4.18.1, samba 4.17.7, samba 4.16.10 | Doc Type: | If docs needed, set a value |
| Doc Text: |
A vulnerability was found in Samba. Confidential attribute disclosure via LDAP filters is insufficient, which may allow an attacker to obtain confidential BitLocker recovery keys from a Samba AD DC.
|
Story Points: | --- |
| Clone Of: | Environment: | ||
| Last Closed: | 2023-03-30 08:36:53 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | 2182777 | ||
| Bug Blocks: | 2182778 | ||
|
Description
Pedro Sampaio
2023-03-29 15:11:20 UTC
Created samba tracking bugs for this issue: Affects: fedora-all [bug 2182777] The samba package as shipped with Red Hat Enterprise Linux 6, 7, 8 and 9 and Red Hat Gluster is not affected by this issue as Red Hat doesn't provide the AD domain controller capability with it. This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2023-0614 |