Fedora 36 update for libldb, samba
| Risk | Medium |
| Patch available | YES |
| Number of vulnerabilities | 2 |
| CVE-ID | CVE-2023-0614 CVE-2023-0922 |
| CWE-ID | CWE-284 CWE-319 |
| Exploitation vector | Local network |
| Public exploit | N/A |
| Vulnerable software |
Fedora Operating systems & Components / Operating system samba Operating systems & Components / Operating system package or component libldb Operating systems & Components / Operating system package or component |
| Vendor | Fedoraproject |
Security Bulletin
This security bulletin contains information about 2 vulnerabilities.
1) Improper access control
EUVDB-ID: #VU74179
Risk: Medium
CVSSv4.0: 4.6 [CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2023-0614
CWE-ID:
CWE-284 - Improper Access Control
Exploit availability: No
DescriptionThe vulnerability allows a remote user to gain gain access to sensitive information.
The vulnerability exists due to insufficient patch for vulnerability #VU14335 (CVE-2018-10919). A remote user can bypass implemented security restrictions and gain access to sensitive information.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsFedora: 36
samba: before 4.16.10-0.fc36
libldb: before 2.5.3-1.fc36
CPE2.3- cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*
- cpe:2.3:a:fedoraproject:samba:*:*:*:*:*:fedora:*:*
- cpe:2.3:a:fedoraproject:libldb:*:*:*:*:*:fedora:*:*
https://bodhi.fedoraproject.org/updates/FEDORA-2023-1c172e3264
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Cleartext transmission of sensitive information
EUVDB-ID: #VU74177
Risk: Low
CVSSv4.0: 1.3 [CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-0922
CWE-ID:
CWE-319 - Cleartext Transmission of Sensitive Information
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to samba-tool transmits credentials to the LDAP server in clear text. A remote attacker with ability to intercept network traffic can gain access to sensitive data.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsFedora: 36
samba: before 4.16.10-0.fc36
libldb: before 2.5.3-1.fc36
CPE2.3- cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*
- cpe:2.3:a:fedoraproject:samba:*:*:*:*:*:fedora:*:*
- cpe:2.3:a:fedoraproject:libldb:*:*:*:*:*:fedora:*:*
https://bodhi.fedoraproject.org/updates/FEDORA-2023-1c172e3264
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
