CVE-2023-0922

The Samba AD DC administration tool, when operating against a remote LDAP server, will by default send new or reset passwords over a signed-only connection.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5.9 MEDIUM
NETWORK
HIGH
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 38%
Affected Products (NVD)
VendorProductVersion
sambasamba
4.0.0 ≤
𝑥
< 4.16.10
sambasamba
4.17.0 ≤
𝑥
< 4.17.7
sambasamba
4.18.0
sambasamba
4.18.0:rc1
sambasamba
4.18.0:rc2
sambasamba
4.18.0:rc3
sambasamba
4.18.0:rc4
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
samba
bookworm
2:4.17.12+dfsg-0+deb12u1
fixed
bookworm (security)
2:4.17.12+dfsg-0+deb12u1
fixed
bullseye
ignored
bullseye (security)
vulnerable
buster
ignored
sid
2:4.21.2+dfsg-4
fixed
trixie
2:4.21.2+dfsg-4
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
samba
bionic
needed
focal
Fixed 2:4.15.13+dfsg-0ubuntu0.20.04.2
released
jammy
Fixed 2:4.15.13+dfsg-0ubuntu1.1
released
kinetic
Fixed 2:4.16.8+dfsg-0ubuntu1.1
released
lunar
Fixed 2:4.17.7+dfsg-1ubuntu1
released
mantic
Fixed 2:4.17.7+dfsg-1ubuntu1
released
noble
Fixed 2:4.17.7+dfsg-1ubuntu1
released
oracular
Fixed 2:4.17.7+dfsg-1ubuntu1
released
trusty
ignored
xenial
needed
openSUSE logo
openSUSE / SLES Releases
openSUSE Product
Release
ldb-tools
suse enterprise desktop 15 SP4
2.4.4-150400.4.11.1
fixed
suse enterprise sap 15 SP4
2.4.4-150400.4.11.1
fixed
suse enterprise server 15 SP3
2.4.4-150300.3.23.1
fixed
suse enterprise server 15 SP4
2.4.4-150400.4.11.1
fixed
libldb-devel
suse enterprise desktop 15 SP4
2.4.4-150400.4.11.1
fixed
suse enterprise sap 15 SP4
2.4.4-150400.4.11.1
fixed
suse enterprise server 15 SP3
2.4.4-150300.3.23.1
fixed
suse enterprise server 15 SP4
2.4.4-150400.4.11.1
fixed
libldb2
suse enterprise desktop 15 SP4
2.4.4-150400.4.11.1
fixed
suse enterprise sap 15 SP4
2.4.4-150400.4.11.1
fixed
suse enterprise server 15 SP3
2.4.4-150300.3.23.1
fixed
suse enterprise server 15 SP4
2.4.4-150400.4.11.1
fixed
libldb2-32bit
suse enterprise desktop 15 SP4
2.4.4-150400.4.11.1
fixed
suse enterprise sap 15 SP4
2.4.4-150400.4.11.1
fixed
suse enterprise server 15 SP3
2.4.4-150300.3.23.1
fixed
suse enterprise server 15 SP4
2.4.4-150400.4.11.1
fixed
python3-ldb
suse enterprise desktop 15 SP4
2.4.4-150400.4.11.1
fixed
suse enterprise sap 15 SP4
2.4.4-150400.4.11.1
fixed
suse enterprise server 15 SP3
2.4.4-150300.3.23.1
fixed
suse enterprise server 15 SP4
2.4.4-150400.4.11.1
fixed
python3-ldb-devel
suse enterprise desktop 15 SP4
2.4.4-150400.4.11.1
fixed
suse enterprise sap 15 SP4
2.4.4-150400.4.11.1
fixed
suse enterprise server 15 SP3
2.4.4-150300.3.23.1
fixed
suse enterprise server 15 SP4
2.4.4-150400.4.11.1
fixed
Amazon Linux logo
Amazon Linux Releases
Amazon Package
Release
libnetapi
Amazon Linux 2023
2:4.17.8-0.amzn2023.0.2
fixed
libnetapi-debuginfo
Amazon Linux 2023
2:4.17.8-0.amzn2023.0.2
fixed
libnetapi-devel
Amazon Linux 2023
2:4.17.8-0.amzn2023.0.2
fixed
libsmbclient
Amazon Linux 2023
2:4.17.8-0.amzn2023.0.2
fixed
libsmbclient-debuginfo
Amazon Linux 2023
2:4.17.8-0.amzn2023.0.2
fixed
libsmbclient-devel
Amazon Linux 2023
2:4.17.8-0.amzn2023.0.2
fixed
libwbclient
Amazon Linux 2023
2:4.17.8-0.amzn2023.0.2
fixed
libwbclient-debuginfo
Amazon Linux 2023
2:4.17.8-0.amzn2023.0.2
fixed
libwbclient-devel
Amazon Linux 2023
2:4.17.8-0.amzn2023.0.2
fixed
python3-samba
Amazon Linux 2023
2:4.17.8-0.amzn2023.0.2
fixed
python3-samba-dc
Amazon Linux 2023
2:4.17.8-0.amzn2023.0.2
fixed
python3-samba-dc-debuginfo
Amazon Linux 2023
2:4.17.8-0.amzn2023.0.2
fixed
python3-samba-debuginfo
Amazon Linux 2023
2:4.17.8-0.amzn2023.0.2
fixed
python3-samba-devel
Amazon Linux 2023
2:4.17.8-0.amzn2023.0.2
fixed
python3-samba-test
Amazon Linux 2023
2:4.17.8-0.amzn2023.0.2
fixed
samba
Amazon Linux 2023
2:4.17.8-0.amzn2023.0.2
fixed
samba-client
Amazon Linux 2023
2:4.17.8-0.amzn2023.0.2
fixed
samba-client-debuginfo
Amazon Linux 2023
2:4.17.8-0.amzn2023.0.2
fixed
samba-client-libs
Amazon Linux 2023
2:4.17.8-0.amzn2023.0.2
fixed
samba-client-libs-debuginfo
Amazon Linux 2023
2:4.17.8-0.amzn2023.0.2
fixed
samba-common
Amazon Linux 2023
2:4.17.8-0.amzn2023.0.2
fixed
samba-common-libs
Amazon Linux 2023
2:4.17.8-0.amzn2023.0.2
fixed
samba-common-libs-debuginfo
Amazon Linux 2023
2:4.17.8-0.amzn2023.0.2
fixed
samba-common-tools
Amazon Linux 2023
2:4.17.8-0.amzn2023.0.2
fixed
samba-common-tools-debuginfo
Amazon Linux 2023
2:4.17.8-0.amzn2023.0.2
fixed
samba-dc-libs
Amazon Linux 2023
2:4.17.8-0.amzn2023.0.2
fixed
samba-dc-libs-debuginfo
Amazon Linux 2023
2:4.17.8-0.amzn2023.0.2
fixed
samba-dcerpc
Amazon Linux 2023
2:4.17.8-0.amzn2023.0.2
fixed
samba-dcerpc-debuginfo
Amazon Linux 2023
2:4.17.8-0.amzn2023.0.2
fixed
samba-debuginfo
Amazon Linux 2023
2:4.17.8-0.amzn2023.0.2
fixed
samba-debugsource
Amazon Linux 2023
2:4.17.8-0.amzn2023.0.2
fixed
samba-devel
Amazon Linux 2023
2:4.17.8-0.amzn2023.0.2
fixed
samba-krb5-printing
Amazon Linux 2023
2:4.17.8-0.amzn2023.0.2
fixed
samba-krb5-printing-debuginfo
Amazon Linux 2023
2:4.17.8-0.amzn2023.0.2
fixed
samba-ldb-ldap-modules
Amazon Linux 2023
2:4.17.8-0.amzn2023.0.2
fixed
samba-ldb-ldap-modules-debuginfo
Amazon Linux 2023
2:4.17.8-0.amzn2023.0.2
fixed
samba-libs
Amazon Linux 2023
2:4.17.8-0.amzn2023.0.2
fixed
samba-libs-debuginfo
Amazon Linux 2023
2:4.17.8-0.amzn2023.0.2
fixed
samba-pidl
Amazon Linux 2023
2:4.17.8-0.amzn2023.0.2
fixed
samba-test
Amazon Linux 2023
2:4.17.8-0.amzn2023.0.2
fixed
samba-test-debuginfo
Amazon Linux 2023
2:4.17.8-0.amzn2023.0.2
fixed
samba-test-libs
Amazon Linux 2023
2:4.17.8-0.amzn2023.0.2
fixed
samba-test-libs-debuginfo
Amazon Linux 2023
2:4.17.8-0.amzn2023.0.2
fixed
samba-tools
Amazon Linux 2023
2:4.17.8-0.amzn2023.0.2
fixed
samba-usershares
Amazon Linux 2023
2:4.17.8-0.amzn2023.0.2
fixed
samba-vfs-iouring
Amazon Linux 2023
2:4.17.8-0.amzn2023.0.2
fixed
samba-vfs-iouring-debuginfo
Amazon Linux 2023
2:4.17.8-0.amzn2023.0.2
fixed
samba-winbind
Amazon Linux 2023
2:4.17.8-0.amzn2023.0.2
fixed
samba-winbind-clients
Amazon Linux 2023
2:4.17.8-0.amzn2023.0.2
fixed
samba-winbind-clients-debuginfo
Amazon Linux 2023
2:4.17.8-0.amzn2023.0.2
fixed
samba-winbind-debuginfo
Amazon Linux 2023
2:4.17.8-0.amzn2023.0.2
fixed
samba-winbind-krb5-locator
Amazon Linux 2023
2:4.17.8-0.amzn2023.0.2
fixed
samba-winbind-krb5-locator-debuginfo
Amazon Linux 2023
2:4.17.8-0.amzn2023.0.2
fixed
samba-winbind-modules
Amazon Linux 2023
2:4.17.8-0.amzn2023.0.2
fixed
samba-winbind-modules-debuginfo
Amazon Linux 2023
2:4.17.8-0.amzn2023.0.2
fixed
Azure Linux logo
Azure Linux Releases
Azure Package
Release
samba
Azure Linux 3.0
0:4.18.3-1.azl3
fixed