CVE-2023-4154

CVE-2023-4154

Name

CVE-2023-4154

Description

A design flaw was found in Samba's DirSync control implementation, which exposes passwords and secrets in Active Directory to privileged users and Read-Only Domain Controllers (RODCs). This flaw allows RODCs and users possessing the GET_CHANGES right to access all attributes, including sensitive secrets and passwords. Even in a default setup, RODC DC accounts, which should only replicate some passwords, can gain access to all domain secrets, including the vital krbtgt, effectively eliminating the RODC / DC distinction. Furthermore, the vulnerability fails to account for error conditions (fail open), like out-of-memory situations, potentially granting access to secret attributes, even under low-privileged attacker influence.

NVD Severity

unknown

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

oss-security, full-disclosure, bugtraq

Exploits

Exploit DB, Metasploit

Forges

GitHub (code, issues), Aports (code, issues)

Type	URI
	https://access.redhat.com/security/cve/CVE-2023-4154
	https://bugzilla.redhat.com/show_bug.cgi?id=2241883
	https://bugzilla.samba.org/show_bug.cgi?id=15424
	https://www.samba.org/samba/security/CVE-2023-4154.html
	https://security.netapp.com/advisory/ntap-20231124-0002/

Type

URI

https://access.redhat.com/security/cve/CVE-2023-4154

https://bugzilla.redhat.com/show_bug.cgi?id=2241883

https://bugzilla.samba.org/show_bug.cgi?id=15424

https://www.samba.org/samba/security/CVE-2023-4154.html

https://security.netapp.com/advisory/ntap-20231124-0002/

Match rules

CPE URI	Source package	Min version	Max version
`cpe:2.3:a:samba:samba::::::::`	samba	>= 4.19.0	< 4.19.1
`cpe:2.3:a:samba:samba::::::::`	samba	>= 4.18.0	< 4.18.8
`cpe:2.3:a:samba:samba::::::::`	samba	>= 4.0.0	< 4.17.12

CPE URI

Source package

Min version

Max version

cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*

samba

>= 4.19.0

< 4.19.1

cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*

samba

>= 4.18.0

< 4.18.8

cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*

samba

>= 4.0.0

< 4.17.12

Vulnerable and fixed packages

Source package	Branch	Version	Maintainer	Status
samba	edge-main	4.18.8-r0	Natanael Copa <ncopa@alpinelinux.org>	fixed
samba	edge-main	4.18.7-r0	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
samba	edge-main	4.18.6-r0	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
samba	edge-main	4.18.5-r1	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
samba	edge-main	4.18.5-r0	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
samba	edge-main	4.18.4-r0	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
samba	edge-main	4.18.3-r1	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
samba	edge-main	4.18.3-r0	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
samba	edge-main	4.18.2-r0	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
samba	edge-main	4.18.1-r1	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
samba	edge-main	4.18.1-r0	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
samba	edge-main	4.18.0-r0	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
samba	edge-main	4.17.5-r1	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
samba	edge-main	4.17.5-r0	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
samba	edge-main	4.17.4-r1	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
samba	edge-main	4.17.4-r0	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
samba	edge-main	4.17.0-r0	None	possibly vulnerable
samba	edge-main	4.16.8-r1	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
samba	edge-main	4.16.8-r0	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
samba	edge-main	4.16.7-r1	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
samba	edge-main	4.16.7-r0	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
samba	edge-main	4.16.6-r0	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
samba	edge-main	4.16.4-r0	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
samba	edge-main	4.15.9-r0	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
samba	edge-main	4.15.2-r0	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
samba	edge-main	4.15.0-r0	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
samba	edge-main	4.14.4-r0	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
samba	edge-main	4.14.2-r0	None	possibly vulnerable
samba	edge-main	4.12.9-r0	None	possibly vulnerable
samba	edge-main	4.12.7-r0	None	possibly vulnerable
samba	edge-main	4.12.5-r0	None	possibly vulnerable
samba	edge-main	4.12.2-r0	None	possibly vulnerable
samba	edge-main	4.11.5-r0	None	possibly vulnerable
samba	edge-main	4.11.3-r0	None	possibly vulnerable
samba	edge-main	4.11.2-r0	None	possibly vulnerable
samba	edge-main	4.10.8-r0	None	possibly vulnerable
samba	edge-main	4.10.5-r0	None	possibly vulnerable
samba	edge-main	4.10.3-r0	None	possibly vulnerable
samba	edge-main	4.8.11-r0	None	possibly vulnerable
samba	edge-main	4.8.7-r0	None	possibly vulnerable
samba	edge-main	4.8.4-r0	None	possibly vulnerable
samba	edge-main	4.7.6-r0	None	possibly vulnerable
samba	edge-main	4.7.3-r0	None	possibly vulnerable
samba	edge-main	4.7.0-r0	None	possibly vulnerable
samba	edge-main	4.6.1-r0	None	possibly vulnerable
samba	3.22-main	4.18.8-r0	None	fixed
samba	3.22-main	4.18.1-r0	None	possibly vulnerable
samba	3.22-main	4.17.0-r0	None	possibly vulnerable
samba	3.22-main	4.16.7-r0	None	possibly vulnerable
samba	3.22-main	4.16.6-r0	None	possibly vulnerable
samba	3.22-main	4.15.9-r0	None	possibly vulnerable
samba	3.22-main	4.15.2-r0	None	possibly vulnerable
samba	3.22-main	4.15.0-r0	None	possibly vulnerable
samba	3.22-main	4.14.4-r0	None	possibly vulnerable
samba	3.22-main	4.14.2-r0	None	possibly vulnerable
samba	3.22-main	4.12.9-r0	None	possibly vulnerable
samba	3.22-main	4.12.7-r0	None	possibly vulnerable
samba	3.22-main	4.12.5-r0	None	possibly vulnerable
samba	3.22-main	4.12.2-r0	None	possibly vulnerable
samba	3.22-main	4.11.5-r0	None	possibly vulnerable
samba	3.22-main	4.11.3-r0	None	possibly vulnerable
samba	3.22-main	4.11.2-r0	None	possibly vulnerable
samba	3.22-main	4.10.8-r0	None	possibly vulnerable
samba	3.22-main	4.10.5-r0	None	possibly vulnerable
samba	3.22-main	4.10.3-r0	None	possibly vulnerable
samba	3.22-main	4.8.11-r0	None	possibly vulnerable
samba	3.22-main	4.8.7-r0	None	possibly vulnerable
samba	3.22-main	4.8.4-r0	None	possibly vulnerable
samba	3.22-main	4.7.6-r0	None	possibly vulnerable
samba	3.22-main	4.7.3-r0	None	possibly vulnerable
samba	3.22-main	4.7.0-r0	None	possibly vulnerable
samba	3.22-main	4.6.1-r0	None	possibly vulnerable
samba	3.21-main	4.18.8-r0	None	fixed
samba	3.21-main	4.18.1-r0	None	possibly vulnerable
samba	3.21-main	4.17.0-r0	None	possibly vulnerable
samba	3.21-main	4.16.7-r0	None	possibly vulnerable
samba	3.21-main	4.16.6-r0	None	possibly vulnerable
samba	3.21-main	4.15.9-r0	None	possibly vulnerable
samba	3.21-main	4.15.2-r0	None	possibly vulnerable
samba	3.21-main	4.15.0-r0	None	possibly vulnerable
samba	3.21-main	4.14.4-r0	None	possibly vulnerable
samba	3.21-main	4.14.2-r0	None	possibly vulnerable
samba	3.21-main	4.12.9-r0	None	possibly vulnerable
samba	3.21-main	4.12.7-r0	None	possibly vulnerable
samba	3.21-main	4.12.5-r0	None	possibly vulnerable
samba	3.21-main	4.12.2-r0	None	possibly vulnerable
samba	3.21-main	4.11.5-r0	None	possibly vulnerable
samba	3.21-main	4.11.3-r0	None	possibly vulnerable
samba	3.21-main	4.11.2-r0	None	possibly vulnerable
samba	3.21-main	4.10.8-r0	None	possibly vulnerable
samba	3.21-main	4.10.5-r0	None	possibly vulnerable
samba	3.21-main	4.10.3-r0	None	possibly vulnerable
samba	3.21-main	4.8.11-r0	None	possibly vulnerable
samba	3.21-main	4.8.7-r0	None	possibly vulnerable
samba	3.21-main	4.8.4-r0	None	possibly vulnerable
samba	3.21-main	4.7.6-r0	None	possibly vulnerable
samba	3.21-main	4.7.3-r0	None	possibly vulnerable
samba	3.21-main	4.7.0-r0	None	possibly vulnerable
samba	3.21-main	4.6.1-r0	None	possibly vulnerable
samba	3.20-main	4.18.8-r0	None	fixed
samba	3.20-main	4.18.1-r0	None	possibly vulnerable
samba	3.20-main	4.17.0-r0	None	possibly vulnerable
samba	3.20-main	4.16.7-r0	None	possibly vulnerable
samba	3.20-main	4.16.6-r0	None	possibly vulnerable
samba	3.20-main	4.15.9-r0	None	possibly vulnerable
samba	3.20-main	4.15.2-r0	None	possibly vulnerable
samba	3.20-main	4.15.0-r0	None	possibly vulnerable
samba	3.20-main	4.14.4-r0	None	possibly vulnerable
samba	3.20-main	4.14.2-r0	None	possibly vulnerable
samba	3.20-main	4.12.9-r0	None	possibly vulnerable
samba	3.20-main	4.12.7-r0	None	possibly vulnerable
samba	3.20-main	4.12.5-r0	None	possibly vulnerable
samba	3.20-main	4.12.2-r0	None	possibly vulnerable
samba	3.20-main	4.11.5-r0	None	possibly vulnerable
samba	3.20-main	4.11.3-r0	None	possibly vulnerable
samba	3.20-main	4.11.2-r0	None	possibly vulnerable
samba	3.20-main	4.10.8-r0	None	possibly vulnerable
samba	3.20-main	4.10.5-r0	None	possibly vulnerable
samba	3.20-main	4.10.3-r0	None	possibly vulnerable
samba	3.20-main	4.8.11-r0	None	possibly vulnerable
samba	3.20-main	4.8.7-r0	None	possibly vulnerable
samba	3.20-main	4.8.4-r0	None	possibly vulnerable
samba	3.20-main	4.7.6-r0	None	possibly vulnerable
samba	3.20-main	4.7.3-r0	None	possibly vulnerable
samba	3.20-main	4.7.0-r0	None	possibly vulnerable
samba	3.20-main	4.6.1-r0	None	possibly vulnerable
samba	3.19-main	4.18.8-r0	None	fixed
samba	3.19-main	4.18.1-r0	None	possibly vulnerable
samba	3.19-main	4.17.0-r0	None	possibly vulnerable
samba	3.19-main	4.16.7-r0	None	possibly vulnerable
samba	3.19-main	4.16.6-r0	None	possibly vulnerable
samba	3.19-main	4.15.9-r0	None	possibly vulnerable
samba	3.19-main	4.15.2-r0	None	possibly vulnerable
samba	3.19-main	4.15.0-r0	None	possibly vulnerable
samba	3.19-main	4.14.4-r0	None	possibly vulnerable
samba	3.19-main	4.14.2-r0	None	possibly vulnerable
samba	3.19-main	4.12.9-r0	None	possibly vulnerable
samba	3.19-main	4.12.7-r0	None	possibly vulnerable
samba	3.19-main	4.12.5-r0	None	possibly vulnerable
samba	3.19-main	4.12.2-r0	None	possibly vulnerable
samba	3.19-main	4.11.5-r0	None	possibly vulnerable
samba	3.19-main	4.11.3-r0	None	possibly vulnerable
samba	3.19-main	4.11.2-r0	None	possibly vulnerable
samba	3.19-main	4.10.8-r0	None	possibly vulnerable
samba	3.19-main	4.10.5-r0	None	possibly vulnerable
samba	3.19-main	4.10.3-r0	None	possibly vulnerable
samba	3.19-main	4.8.11-r0	None	possibly vulnerable
samba	3.19-main	4.8.7-r0	None	possibly vulnerable
samba	3.19-main	4.8.4-r0	None	possibly vulnerable
samba	3.19-main	4.7.6-r0	None	possibly vulnerable
samba	3.19-main	4.7.3-r0	None	possibly vulnerable
samba	3.19-main	4.7.0-r0	None	possibly vulnerable
samba	3.19-main	4.6.1-r0	None	possibly vulnerable
samba	3.18-main	4.18.8-r0	Natanael Copa <ncopa@alpinelinux.org>	fixed
samba	3.17-main	4.16.11-r0	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable

Source package

Branch

Version

Maintainer

Status

References

Match rules

Vulnerable and fixed packages