Samba: AD DC password exposure to privileged users and RODCs
CVE-2023-4154
What is CVE-2023-4154?
A design flaw in Samba's DirSync control implementation grants unauthorized access to sensitive passwords and secret attributes in Active Directory. The flaw lets Read-Only Domain Controllers (RODCs) and privileged users access all attributes, including secret passwords that should be restricted. The implementation also ignores error conditions, which can lead to accidental overexposure of sensitive data, even under low-privilege scenarios. As a result, RODCs, which are designed to replicate only a limited set of passwords, can inadvertently access all domain secrets, including critical account information such as that of the krbtgt account.

Affected Version(s)
samba 4.19.1
samba 4.18.8
samba 4.17.12
References
CVSS V3.1
Timeline
Vulnerability published
Vulnerability Reserved