CVE-2023-34968

Name: CVE-2023-34968
Description: A path disclosure vulnerability was found in Samba. As part of the Spotlight protocol, Samba discloses the server-side absolute path of shares, files, and directories in the results for search queries. This flaw allows a malicious client or an attacker with a targeted RPC request to view the information that is part of the disclosed path.
NVD Severity: unknown

References

| Type | URI |
| --- | --- |
| MISC | https://www.samba.org/samba/security/CVE-2023-34968.html |
| MISC | https://access.redhat.com/security/cve/CVE-2023-34968 |
| MISC | https://bugzilla.redhat.com/show_bug.cgi?id=2222795 |
| MISC | https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BPCSGND7LO467AJGR5DYBGZLTCGTOBCC/ |
| MISC | https://security.netapp.com/advisory/ntap-20230731-0010/ |
| MISC | https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OT74M42E6C36W7PQVY3OS4ZM7DVYB64Z/ |
| MISC | https://www.debian.org/security/2023/dsa-5477 |
| | https://access.redhat.com/errata/RHSA-2023:6667 |
| | https://access.redhat.com/errata/RHSA-2023:7139 |
| secalert@redhat.com | https://access.redhat.com/errata/RHSA-2024:0423 |
| secalert@redhat.com | https://access.redhat.com/errata/RHSA-2024:0580 |

Match rules

| CPE URI | Source package | Min version | Max version |
| --- | --- | --- | --- |
| cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:* | samba | >= 4.18.0 | < 4.18.5 |
| cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:* | samba | >= 4.17.0 | < 4.17.10 |
| cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:* | samba | >= None | < 4.16.11 |

Vulnerable and fixed packages

| Source package | Branch | Version | Maintainer | Status |
| --- | --- | --- | --- | --- |
| samba | 3.15-main | 4.15.13-r0 | Natanael Copa <ncopa@alpinelinux.org> | possibly vulnerable |
| samba | 3.16-main | 4.15.13-r0 | Natanael Copa <ncopa@alpinelinux.org> | possibly vulnerable |