#VU78576 Information disclosure in Samba - CVE-2023-34968

Cybersecurity Help s.r.o.

Published: 2023-07-24

Vulnerability identifier: #VU78576

Vulnerability risk: Low

CVSSv4.0: 1.3 [CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-34968

CWE-ID: CWE-200

Exploitation vector: Local network

Exploit availability: No

Vulnerable software:
Samba
Server applications / Directory software, identity management

Vendor: Samba

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to excessive data output by the application. A remote attacker can send a specially crafted RPC request to the server and obtain real server-side share path.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

Samba: 4.16.0 - 4.18.4

External links
https://www.samba.org/samba/security/CVE-2023-34968.html
https://access.redhat.com/security/cve/CVE-2023-34968
https://bugzilla.redhat.com/show_bug.cgi?id=2222795
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BPCSGND7LO467AJGR5DYBGZLTCGTOBCC/

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Anolis OS update for openchange

Anolis OS update for evolution-mapi

Multiple vulnerabilities in HP-UX Common Internet File System (CIFS)

Amazon Linux AMI update for samba

Multiple vulnerabilities in Dell RecoverPoint for Virtual Machines

Multiple vulnerabilities in IBM Cloud Pak System

Oracle Solaris update for thrid-party components

Debian update for samba

Multiple vulnerabilities in Juniper Secure Analytics (JSA)

Multiple vulnerabilities in IBM QRadar SIEM