diff options
| author | Timur I. Bakeyev <timur@FreeBSD.org> | 2023-04-07 14:50:34 +0000 |
|---|---|---|
| committer | Timur I. Bakeyev <timur@FreeBSD.org> | 2023-04-07 14:52:06 +0000 |
| commit | 7b0da40d3819ae333cd5fd57c6b8c166565286a5 (patch) | |
| tree | 371bc185d858cbb39c4fcd76c407b3cc2396a8e2 /security | |
| parent | f27cc9e0310a5be6f72c297e1d64c123ff83172f (diff) | |
| download | ports-7b0da40d3819ae333cd5fd57c6b8c166565286a5.tar.gz ports-7b0da40d3819ae333cd5fd57c6b8c166565286a5.zip | |
securily/vuxml: document Samba vulnerabilities
CVE-2023-0225, CVE-2023-0922, CVE-2023-0614
Security: CVE-2023-0225
CVE-2023-0922
CVE-2023-0614
Diffstat (limited to 'security')
| -rw-r--r-- | security/vuxml/vuln/2023.xml | 54 |
1 files changed, 54 insertions, 0 deletions
diff --git a/security/vuxml/vuln/2023.xml b/security/vuxml/vuln/2023.xml index e532db04b3be..28afea0ad00d 100644 --- a/security/vuxml/vuln/2023.xml +++ b/security/vuxml/vuln/2023.xml @@ -1,3 +1,57 @@ + <vuln vid="e86b8e4d-d551-11ed-8d1e-005056a311d1"> + <topic>samba -- multiple vulnerabilities</topic> + <affects> + <package> + <name>samba416</name> + <range><lt>4.16.10</lt></range> + </package> + <package> + <name>samba417</name> + <range><lt>4.17.7</lt></range> + </package> + <package> + <name>samba418</name> + <range><lt>4.18.1</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>The Samba Team reports:</p> + <blockquote cite="https://www.samba.org/samba/security/CVE-2023-0225.html"> + <p>An incomplete access check on dnsHostName allows + authenticated but otherwise unprivileged users to + delete this attribute from any object in the directory.</p> + </blockquote> + <blockquote cite="https://www.samba.org/samba/security/CVE-2023-0922.html"> + <p>The Samba AD DC administration tool, when operating + against a remote LDAP server, will by default send + new or reset passwords over a signed-only connection. </p> + </blockquote> + <blockquote cite="https://www.samba.org/samba/security/CVE-2023-0614.html"> + <p>The fix in 4.6.16, 4.7.9, 4.8.4 and 4.9.7 for + CVE-2018-10919 Confidential attribute disclosure via + LDAP filters was insufficient and an attacker may be + able to obtain confidential BitLocker recovery keys + from a Samba AD DC.</p> + <p>Installations with such secrets in their Samba AD + should assume they have been obtained and need replacing.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2023-0225</cvename> + <url>https://www.samba.org/samba/security/CVE-2023-0225.html</url> + <cvename>CVE-2023-0922</cvename> + <url>https://www.samba.org/samba/security/CVE-2023-0922.html</url> + <cvename>CVE-2023-0614</cvename> + <url>https://www.samba.org/samba/security/CVE-2023-0614.html</url> + </references> + <dates> + <discovery>2023-03-29</discovery> + <entry>2023-04-07</entry> + </dates> + </vuln> + <vuln vid="faf7c1d0-f5bb-47b4-a6a8-ef57317b9766"> <topic>ffmpeg -- multiple vulnerabilities</topic> <affects> |