Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2023-4154— Samba: ad dc password exposure to privileged users and rodcs

CVSS 7.5 · High EPSS 0.40% · P61
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2023-4154

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
Samba: ad dc password exposure to privileged users and rodcs
Source: NVD (National Vulnerability Database)
Vulnerability Description
A design flaw was found in Samba's DirSync control implementation, which exposes passwords and secrets in Active Directory to privileged users and Read-Only Domain Controllers (RODCs). This flaw allows RODCs and users possessing the GET_CHANGES right to access all attributes, including sensitive secrets and passwords. Even in a default setup, RODC DC accounts, which should only replicate some passwords, can gain access to all domain secrets, including the vital krbtgt, effectively eliminating the RODC / DC distinction. Furthermore, the vulnerability fails to account for error conditions (fail open), like out-of-memory situations, potentially granting access to secret attributes, even under low-privileged attacker influence.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
跨界内存写
Source: NVD (National Vulnerability Database)
Vulnerability Title
Samba 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Samba是用于 Linux 和 Unix 的标准 Windows 互操作性程序套件。 Samba 4.19.1之前版本、4.18.8之前版本 和 4.17.12之前版本存在安全漏洞,该漏洞源于Samba AD DC 密码暴露给特权用户和 RODC,RODC 和具有 GET_CHANGES 的用户右键可以查看所有属性。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
-samba 4.19.1 -
Red HatRed Hat Enterprise Linux 6-cpe:/o:redhat:enterprise_linux:6
Red HatRed Hat Enterprise Linux 6-cpe:/o:redhat:enterprise_linux:6
Red HatRed Hat Enterprise Linux 7-cpe:/o:redhat:enterprise_linux:7
Red HatRed Hat Enterprise Linux 8-cpe:/o:redhat:enterprise_linux:8
Red HatRed Hat Enterprise Linux 9-cpe:/o:redhat:enterprise_linux:9
Red HatRed Hat Storage 3-cpe:/a:redhat:storage:3
FedoraFedora--

II. Public POCs for CVE-2023-4154

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2023-4154

登录查看更多情报信息。

Same Patch Batch · n/a · 2023-11-07 · 22 CVEs total

CVE-2023-43886Tenda RX9 Pro 安全漏洞
CVE-2023-47456Tenda AX1806 安全漏洞
CVE-2023-47455Tenda AX1806 安全漏洞
CVE-2023-47360VideoLAN VLC media player 安全漏洞
CVE-2023-47359VideoLAN VLC media player 安全漏洞
CVE-2023-47102UrBackup 安全漏洞
CVE-2023-46998BootBox Bootbox.js 安全漏洞
CVE-2023-46501BoltWire 安全漏洞
CVE-2023-46001GPAC 安全漏洞
CVE-2023-45380PrestaShop Order Duplicator 安全漏洞
CVE-2023-43984PrestaShop Advanced Export Products Orders Cron CSV Excel 安全漏洞
CVE-2021-43419Opay Mobile application 安全漏洞
CVE-2023-43885Tenda RX9 Pro 安全漏洞
CVE-2023-42361Atlassian JIRA Server和JIRA Data Center 安全漏洞
CVE-2023-42284Tyk Gateway 安全漏洞
CVE-2023-42283Tyk Gateway 安全漏洞
CVE-2023-41425WonderCMS 安全漏洞
CVE-2023-33481Saad Irfan RemoteClinic 安全漏洞
CVE-2023-33480Saad Irfan RemoteClinic 安全漏洞
CVE-2023-33479Saad Irfan RemoteClinic 安全漏洞

Showing top 20 of 22 CVEs. View all on vendor page → →

IV. Related Vulnerabilities

Same product: samba
Same vendor: n/a
Same weakness: CWE-787

V. Comments for CVE-2023-4154

No comments yet

Leave a comment