Detections
Analytics
SUSE SLES15 Security Update : samba (SUSE-SU-2023:4096-1)
medium Nessus Plugin ID 183282
Language:
Synopsis
The remote SUSE host is missing one or more security updates.Description
The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:4096-1 advisory.- The vulnerability exists due to an error in the way SMB protocol implementation in Samba handles file operations. A remote user can request read-only access to files and then truncate them to 0 bytes by opening files with OVERWRITE disposition when using the acl_xattr Samba VFS module with the smb.conf setting acl_xattr:ignore system acls = yes. (CVE-2023-4091)
- The vulnerability exists due to a design error in Samba's implementation of the DirSync control, which can allow replication of critical domain passwords and secrets by Active Directory accounts authorized to do some replication, but not to replicate sensitive attributes. A remote user can obtain sensitive information from the AD DC and compromise the Active Directory. (CVE-2023-4154)
- The vulnerability exists due to inclusion of the rpcecho server into production build, which can call sleep() on AD DC. A remote user can request the server block using the rpcecho server and perform a denial of service (DoS) attack. (CVE-2023-42669)
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
Solution
Update the affected packages.See Also
https://bugzilla.suse.com/1215905
https://bugzilla.suse.com/1215908
https://lists.suse.com/pipermail/sle-updates/2023-October/032195.html
https://www.suse.com/security/cve/CVE-2023-4091
https://www.suse.com/security/cve/CVE-2023-4154
Plugin Details
Severity: Medium
ID: 183282
File Name: suse_SU-2023-4096-1.nasl
Version: 1.4
Type: local
Agent: unix
Family: SuSE Local Security Checks
Published: 10/18/2023
Updated: 11/16/2023
Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Continuous Assessment, Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 4.4
CVSS v2
Risk Factor: Medium
Base Score: 6.8
Temporal Score: 5
Vector: CVSS2#AV:N/AC:L/Au:S/C:C/I:N/A:N
CVSS Score Source: CVE-2023-4154
CVSS v3
Risk Factor: Medium
Base Score: 6.5
Temporal Score: 5.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C
Vulnerability Information
CPE: p-cpe:/a:novell:suse_linux:samba-ceph, p-cpe:/a:novell:suse_linux:libsamba-policy0-python3, p-cpe:/a:novell:suse_linux:samba, p-cpe:/a:novell:suse_linux:samba-devel-32bit, p-cpe:/a:novell:suse_linux:samba-ad-dc-libs-32bit, p-cpe:/a:novell:suse_linux:samba-winbind-libs, p-cpe:/a:novell:suse_linux:samba-client-libs, p-cpe:/a:novell:suse_linux:samba-winbind-libs-32bit, p-cpe:/a:novell:suse_linux:libsamba-policy-python3-devel, p-cpe:/a:novell:suse_linux:samba-libs, p-cpe:/a:novell:suse_linux:samba-winbind, p-cpe:/a:novell:suse_linux:samba-ad-dc, p-cpe:/a:novell:suse_linux:samba-gpupdate, p-cpe:/a:novell:suse_linux:samba-tool, p-cpe:/a:novell:suse_linux:samba-client-32bit, p-cpe:/a:novell:suse_linux:samba-client, p-cpe:/a:novell:suse_linux:samba-python3, cpe:/o:novell:suse_linux:15, p-cpe:/a:novell:suse_linux:samba-ldb-ldap, p-cpe:/a:novell:suse_linux:libsamba-policy-devel, p-cpe:/a:novell:suse_linux:samba-libs-32bit, p-cpe:/a:novell:suse_linux:samba-libs-python3, p-cpe:/a:novell:suse_linux:samba-dsdb-modules, p-cpe:/a:novell:suse_linux:ctdb, p-cpe:/a:novell:suse_linux:samba-client-libs-32bit, p-cpe:/a:novell:suse_linux:samba-ad-dc-libs, p-cpe:/a:novell:suse_linux:samba-devel
Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list
Exploit Ease: No known exploits are available
Patch Publication Date: 10/17/2023
Vulnerability Publication Date: 10/10/2023
Reference Information
CVE: CVE-2023-4091, CVE-2023-4154, CVE-2023-42669
IAVA: 2023-A-0535
SuSE: SUSE-SU-2023:4096-1