CVE-2023-4154

medium

Description

A design flaw was found in Samba's DirSync control implementation, which exposes passwords and secrets in Active Directory to privileged users and Read-Only Domain Controllers (RODCs). This flaw allows RODCs and users possessing the GET_CHANGES right to access all attributes, including sensitive secrets and passwords. Even in a default setup, RODC DC accounts, which should only replicate some passwords, can gain access to all domain secrets, including the vital krbtgt, effectively eliminating the RODC / DC distinction. Furthermore, the implementation does not account for error conditions such as out-of-memory situations and fails open, potentially granting access to secret attributes, even under low-privileged attacker influence.

References

https://www.samba.org/samba/security/CVE-2023-4154.html

https://security.netapp.com/advisory/ntap-20231124-0002/

https://bugzilla.samba.org/show_bug.cgi?id=15424

https://bugzilla.redhat.com/show_bug.cgi?id=2241883

https://access.redhat.com/security/cve/CVE-2023-4154

Details

Source: Mitre, NVD

Published: 2023-11-07

Updated: 2023-12-29

Risk Information

CVSS v2

Base Score: 6.8

Vector: CVSS2#AV:N/AC:L/Au:S/C:C/I:N/A:N

Severity: Medium

CVSS v3

Base Score: 6.5

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Severity: Medium