USN-6238-1: Samba vulnerabilities
It was discovered that Samba incorrectly handled Winbind NTLM
authentication responses. An attacker could possibly use this issue to
cause Samba to crash, resulting in a denial of service. (CVE-2022-2127)
Andreas Schneider discovered that Samba incorrectly enforced SMB2 packet
signing. A remote attacker could possibly use this issue to obtain or
modify sensitive information. This issue only affected Ubuntu 23.04.
(CVE-2023-3347)
Florent Saudel and Arnaud Gatignolof discovered that Samba incorrectly
handled certain Spotlight requests. A remote attacker could possibly use
this issue to cause Samba to consume resources, leading to a denial of
service. (CVE-2023-34966, CVE-2023-34967)
Ralph Boehme and Stefan Metzmacher discovered that Samba incorrectly
handled paths returned by Spotlight requests. A remote attacker could
possibly use this issue to obtain sensitive information. (CVE-2023-34968)
Source: USN-6238-1: Samba vulnerabilities
Leave a Reply