CVE-2023-3347

A vulnerability was found in Samba's SMB2 packet signing mechanism. The SMB2 packet signing is not enforced if an admin configured "server signing = required" or for SMB2 connections to Domain Controllers where SMB2 packet signing is mandatory. This flaw allows an attacker to perform attacks, such as a man-in-the-middle attack, by intercepting the network traffic and modifying the SMB2 messages between client and server, affecting the integrity of the data.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5.9 MEDIUM
NETWORK
HIGH
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 63%
Affected Products (NVD)
VendorProductVersion
sambasamba
4.17.0 ≤
𝑥
< 4.17.10
sambasamba
4.18.0 ≤
𝑥
< 4.18.5
redhatstorage
3.0
redhatenterprise_linux
8.0
redhatenterprise_linux
9.0
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
samba
bookworm
2:4.17.12+dfsg-0+deb12u1
fixed
bookworm (security)
2:4.17.12+dfsg-0+deb12u1
fixed
bullseye
2:4.13.13+dfsg-1~deb11u6
not-affected
bullseye (security)
2:4.13.13+dfsg-1~deb11u6
fixed
buster
not-affected
sid
2:4.21.2+dfsg-4
fixed
trixie
2:4.21.2+dfsg-4
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
samba
bionic
not-affected
focal
not-affected
jammy
not-affected
kinetic
not-affected
lunar
Fixed 2:4.17.7+dfsg-1ubuntu1.1
released
trusty
not-affected
xenial
not-affected
Red Hat logo
Red Hat Enterprise Linux Releases
Red Hat Product
Release
ctdb
RHEL 8
0:4.17.5-3.el8_8
fixed
RHEL 8.8 AUS
0:4.17.5-3.el8_8
fixed
RHEL 8.8 E4S
0:4.17.5-3.el8_8
fixed
RHEL 8.8 EUS
0:4.17.5-3.el8_8
fixed
RHEL 8.8 TUS
0:4.17.5-3.el8_8
fixed
RHEL 9
0:4.17.5-103.el9_2
fixed
libnetapi
RHEL 8
0:4.17.5-3.el8_8
fixed
RHEL 8.8 AUS
0:4.17.5-3.el8_8
fixed
RHEL 8.8 E4S
0:4.17.5-3.el8_8
fixed
RHEL 8.8 EUS
0:4.17.5-3.el8_8
fixed
RHEL 8.8 TUS
0:4.17.5-3.el8_8
fixed
RHEL 9
0:4.17.5-103.el9_2
fixed
libnetapi-devel
RHEL 8
0:4.17.5-3.el8_8
fixed
RHEL 8.8 AUS
0:4.17.5-3.el8_8
fixed
RHEL 8.8 E4S
0:4.17.5-3.el8_8
fixed
RHEL 8.8 EUS
0:4.17.5-3.el8_8
fixed
RHEL 8.8 TUS
0:4.17.5-3.el8_8
fixed
RHEL 9
0:4.17.5-103.el9_2
fixed
libsmbclient
RHEL 8
0:4.17.5-3.el8_8
fixed
RHEL 8.8 AUS
0:4.17.5-3.el8_8
fixed
RHEL 8.8 E4S
0:4.17.5-3.el8_8
fixed
RHEL 8.8 EUS
0:4.17.5-3.el8_8
fixed
RHEL 8.8 TUS
0:4.17.5-3.el8_8
fixed
RHEL 9
0:4.17.5-103.el9_2
fixed
libsmbclient-devel
RHEL 8
0:4.17.5-3.el8_8
fixed
RHEL 8.8 AUS
0:4.17.5-3.el8_8
fixed
RHEL 8.8 E4S
0:4.17.5-3.el8_8
fixed
RHEL 8.8 EUS
0:4.17.5-3.el8_8
fixed
RHEL 8.8 TUS
0:4.17.5-3.el8_8
fixed
RHEL 9
0:4.17.5-103.el9_2
fixed
libwbclient
RHEL 8
0:4.17.5-3.el8_8
fixed
RHEL 8.8 AUS
0:4.17.5-3.el8_8
fixed
RHEL 8.8 E4S
0:4.17.5-3.el8_8
fixed
RHEL 8.8 EUS
0:4.17.5-3.el8_8
fixed
RHEL 8.8 TUS
0:4.17.5-3.el8_8
fixed
RHEL 9
0:4.17.5-103.el9_2
fixed
libwbclient-devel
RHEL 8
0:4.17.5-3.el8_8
fixed
RHEL 8.8 AUS
0:4.17.5-3.el8_8
fixed
RHEL 8.8 E4S
0:4.17.5-3.el8_8
fixed
RHEL 8.8 EUS
0:4.17.5-3.el8_8
fixed
RHEL 8.8 TUS
0:4.17.5-3.el8_8
fixed
RHEL 9
0:4.17.5-103.el9_2
fixed
python3-samba
RHEL 8
0:4.17.5-3.el8_8
fixed
RHEL 8.8 AUS
0:4.17.5-3.el8_8
fixed
RHEL 8.8 E4S
0:4.17.5-3.el8_8
fixed
RHEL 8.8 EUS
0:4.17.5-3.el8_8
fixed
RHEL 8.8 TUS
0:4.17.5-3.el8_8
fixed
RHEL 9
0:4.17.5-103.el9_2
fixed
python3-samba-dc
RHEL 8
0:4.17.5-3.el8_8
fixed
RHEL 8.8 AUS
0:4.17.5-3.el8_8
fixed
RHEL 8.8 E4S
0:4.17.5-3.el8_8
fixed
RHEL 8.8 EUS
0:4.17.5-3.el8_8
fixed
RHEL 8.8 TUS
0:4.17.5-3.el8_8
fixed
RHEL 9
0:4.17.5-103.el9_2
fixed
python3-samba-devel
RHEL 8
0:4.17.5-3.el8_8
fixed
RHEL 8.8 AUS
0:4.17.5-3.el8_8
fixed
RHEL 8.8 E4S
0:4.17.5-3.el8_8
fixed
RHEL 8.8 EUS
0:4.17.5-3.el8_8
fixed
RHEL 8.8 TUS
0:4.17.5-3.el8_8
fixed
RHEL 9
0:4.17.5-103.el9_2
fixed
python3-samba-test
RHEL 8
0:4.17.5-3.el8_8
fixed
RHEL 8.8 AUS
0:4.17.5-3.el8_8
fixed
RHEL 8.8 E4S
0:4.17.5-3.el8_8
fixed
RHEL 8.8 EUS
0:4.17.5-3.el8_8
fixed
RHEL 8.8 TUS
0:4.17.5-3.el8_8
fixed
RHEL 9
0:4.17.5-103.el9_2
fixed
samba
RHEL 8
0:4.17.5-3.el8_8
fixed
RHEL 8.8 AUS
0:4.17.5-3.el8_8
fixed
RHEL 8.8 E4S
0:4.17.5-3.el8_8
fixed
RHEL 8.8 EUS
0:4.17.5-3.el8_8
fixed
RHEL 8.8 TUS
0:4.17.5-3.el8_8
fixed
RHEL 9
0:4.17.5-103.el9_2
fixed
samba-client
RHEL 8
0:4.17.5-3.el8_8
fixed
RHEL 8.8 AUS
0:4.17.5-3.el8_8
fixed
RHEL 8.8 E4S
0:4.17.5-3.el8_8
fixed
RHEL 8.8 EUS
0:4.17.5-3.el8_8
fixed
RHEL 8.8 TUS
0:4.17.5-3.el8_8
fixed
RHEL 9
0:4.17.5-103.el9_2
fixed
samba-client-libs
RHEL 8
0:4.17.5-3.el8_8
fixed
RHEL 8.8 AUS
0:4.17.5-3.el8_8
fixed
RHEL 8.8 E4S
0:4.17.5-3.el8_8
fixed
RHEL 8.8 EUS
0:4.17.5-3.el8_8
fixed
RHEL 8.8 TUS
0:4.17.5-3.el8_8
fixed
RHEL 9
0:4.17.5-103.el9_2
fixed
samba-common
RHEL 8
0:4.17.5-3.el8_8
fixed
RHEL 8.8 AUS
0:4.17.5-3.el8_8
fixed
RHEL 8.8 E4S
0:4.17.5-3.el8_8
fixed
RHEL 8.8 EUS
0:4.17.5-3.el8_8
fixed
RHEL 8.8 TUS
0:4.17.5-3.el8_8
fixed
RHEL 9
0:4.17.5-103.el9_2
fixed
samba-common-libs
RHEL 8
0:4.17.5-3.el8_8
fixed
RHEL 8.8 AUS
0:4.17.5-3.el8_8
fixed
RHEL 8.8 E4S
0:4.17.5-3.el8_8
fixed
RHEL 8.8 EUS
0:4.17.5-3.el8_8
fixed
RHEL 8.8 TUS
0:4.17.5-3.el8_8
fixed
RHEL 9
0:4.17.5-103.el9_2
fixed
samba-common-tools
RHEL 8
0:4.17.5-3.el8_8
fixed
RHEL 8.8 AUS
0:4.17.5-3.el8_8
fixed
RHEL 8.8 E4S
0:4.17.5-3.el8_8
fixed
RHEL 8.8 EUS
0:4.17.5-3.el8_8
fixed
RHEL 8.8 TUS
0:4.17.5-3.el8_8
fixed
RHEL 9
0:4.17.5-103.el9_2
fixed
samba-dc-libs
RHEL 8
0:4.17.5-3.el8_8
fixed
RHEL 8.8 AUS
0:4.17.5-3.el8_8
fixed
RHEL 8.8 E4S
0:4.17.5-3.el8_8
fixed
RHEL 8.8 EUS
0:4.17.5-3.el8_8
fixed
RHEL 8.8 TUS
0:4.17.5-3.el8_8
fixed
RHEL 9
0:4.17.5-103.el9_2
fixed
samba-dcerpc
RHEL 8
0:4.17.5-3.el8_8
fixed
RHEL 8.8 AUS
0:4.17.5-3.el8_8
fixed
RHEL 8.8 E4S
0:4.17.5-3.el8_8
fixed
RHEL 8.8 EUS
0:4.17.5-3.el8_8
fixed
RHEL 8.8 TUS
0:4.17.5-3.el8_8
fixed
RHEL 9
0:4.17.5-103.el9_2
fixed
samba-devel
RHEL 8
0:4.17.5-3.el8_8
fixed
RHEL 8.8 AUS
0:4.17.5-3.el8_8
fixed
RHEL 8.8 E4S
0:4.17.5-3.el8_8
fixed
RHEL 8.8 EUS
0:4.17.5-3.el8_8
fixed
RHEL 8.8 TUS
0:4.17.5-3.el8_8
fixed
RHEL 9
0:4.17.5-103.el9_2
fixed
samba-krb5-printing
RHEL 8
0:4.17.5-3.el8_8
fixed
RHEL 8.8 AUS
0:4.17.5-3.el8_8
fixed
RHEL 8.8 E4S
0:4.17.5-3.el8_8
fixed
RHEL 8.8 EUS
0:4.17.5-3.el8_8
fixed
RHEL 8.8 TUS
0:4.17.5-3.el8_8
fixed
RHEL 9
0:4.17.5-103.el9_2
fixed
samba-ldb-ldap-modules
RHEL 8
0:4.17.5-3.el8_8
fixed
RHEL 8.8 AUS
0:4.17.5-3.el8_8
fixed
RHEL 8.8 E4S
0:4.17.5-3.el8_8
fixed
RHEL 8.8 EUS
0:4.17.5-3.el8_8
fixed
RHEL 8.8 TUS
0:4.17.5-3.el8_8
fixed
RHEL 9
0:4.17.5-103.el9_2
fixed
samba-libs
RHEL 8
0:4.17.5-3.el8_8
fixed
RHEL 8.8 AUS
0:4.17.5-3.el8_8
fixed
RHEL 8.8 E4S
0:4.17.5-3.el8_8
fixed
RHEL 8.8 EUS
0:4.17.5-3.el8_8
fixed
RHEL 8.8 TUS
0:4.17.5-3.el8_8
fixed
RHEL 9
0:4.17.5-103.el9_2
fixed
samba-pidl
RHEL 8
0:4.17.5-3.el8_8
fixed
RHEL 8.8 AUS
0:4.17.5-3.el8_8
fixed
RHEL 8.8 E4S
0:4.17.5-3.el8_8
fixed
RHEL 8.8 EUS
0:4.17.5-3.el8_8
fixed
RHEL 8.8 TUS
0:4.17.5-3.el8_8
fixed
RHEL 9
0:4.17.5-103.el9_2
fixed
samba-test
RHEL 8
0:4.17.5-3.el8_8
fixed
RHEL 8.8 AUS
0:4.17.5-3.el8_8
fixed
RHEL 8.8 E4S
0:4.17.5-3.el8_8
fixed
RHEL 8.8 EUS
0:4.17.5-3.el8_8
fixed
RHEL 8.8 TUS
0:4.17.5-3.el8_8
fixed
RHEL 9
0:4.17.5-103.el9_2
fixed
samba-test-libs
RHEL 8
0:4.17.5-3.el8_8
fixed
RHEL 8.8 AUS
0:4.17.5-3.el8_8
fixed
RHEL 8.8 E4S
0:4.17.5-3.el8_8
fixed
RHEL 8.8 EUS
0:4.17.5-3.el8_8
fixed
RHEL 8.8 TUS
0:4.17.5-3.el8_8
fixed
RHEL 9
0:4.17.5-103.el9_2
fixed
samba-tools
RHEL 8
0:4.17.5-3.el8_8
fixed
RHEL 8.8 AUS
0:4.17.5-3.el8_8
fixed
RHEL 8.8 E4S
0:4.17.5-3.el8_8
fixed
RHEL 8.8 EUS
0:4.17.5-3.el8_8
fixed
RHEL 8.8 TUS
0:4.17.5-3.el8_8
fixed
RHEL 9
0:4.17.5-103.el9_2
fixed
samba-usershares
RHEL 8
0:4.17.5-3.el8_8
fixed
RHEL 8.8 AUS
0:4.17.5-3.el8_8
fixed
RHEL 8.8 E4S
0:4.17.5-3.el8_8
fixed
RHEL 8.8 EUS
0:4.17.5-3.el8_8
fixed
RHEL 8.8 TUS
0:4.17.5-3.el8_8
fixed
RHEL 9
0:4.17.5-103.el9_2
fixed
samba-vfs-iouring
RHEL 8
0:4.17.5-3.el8_8
fixed
RHEL 8.8 AUS
0:4.17.5-3.el8_8
fixed
RHEL 8.8 E4S
0:4.17.5-3.el8_8
fixed
RHEL 8.8 EUS
0:4.17.5-3.el8_8
fixed
RHEL 8.8 TUS
0:4.17.5-3.el8_8
fixed
RHEL 9
0:4.17.5-103.el9_2
fixed
samba-winbind
RHEL 8
0:4.17.5-3.el8_8
fixed
RHEL 8.8 AUS
0:4.17.5-3.el8_8
fixed
RHEL 8.8 E4S
0:4.17.5-3.el8_8
fixed
RHEL 8.8 EUS
0:4.17.5-3.el8_8
fixed
RHEL 8.8 TUS
0:4.17.5-3.el8_8
fixed
RHEL 9
0:4.17.5-103.el9_2
fixed
samba-winbind-clients
RHEL 8
0:4.17.5-3.el8_8
fixed
RHEL 8.8 AUS
0:4.17.5-3.el8_8
fixed
RHEL 8.8 E4S
0:4.17.5-3.el8_8
fixed
RHEL 8.8 EUS
0:4.17.5-3.el8_8
fixed
RHEL 8.8 TUS
0:4.17.5-3.el8_8
fixed
RHEL 9
0:4.17.5-103.el9_2
fixed
samba-winbind-krb5-locator
RHEL 8
0:4.17.5-3.el8_8
fixed
RHEL 8.8 AUS
0:4.17.5-3.el8_8
fixed
RHEL 8.8 E4S
0:4.17.5-3.el8_8
fixed
RHEL 8.8 EUS
0:4.17.5-3.el8_8
fixed
RHEL 8.8 TUS
0:4.17.5-3.el8_8
fixed
RHEL 9
0:4.17.5-103.el9_2
fixed
samba-winbind-modules
RHEL 8
0:4.17.5-3.el8_8
fixed
RHEL 8.8 AUS
0:4.17.5-3.el8_8
fixed
RHEL 8.8 E4S
0:4.17.5-3.el8_8
fixed
RHEL 8.8 EUS
0:4.17.5-3.el8_8
fixed
RHEL 8.8 TUS
0:4.17.5-3.el8_8
fixed
RHEL 9
0:4.17.5-103.el9_2
fixed
samba-winexe
RHEL 8
0:4.17.5-3.el8_8
fixed
RHEL 8.8 AUS
0:4.17.5-3.el8_8
fixed
RHEL 8.8 E4S
0:4.17.5-3.el8_8
fixed
RHEL 8.8 EUS
0:4.17.5-3.el8_8
fixed
RHEL 8.8 TUS
0:4.17.5-3.el8_8
fixed
RHEL 9
0:4.17.5-103.el9_2
fixed
Common Weakness Enumeration
References
https://access.redhat.com/errata/RHSA-2023:4325
https://access.redhat.com/errata/RHSA-2023:4328
https://access.redhat.com/security/cve/CVE-2023-3347
https://bugzilla.redhat.com/show_bug.cgi?id=2222792
https://www.samba.org/samba/security/CVE-2023-3347.html
https://access.redhat.com/errata/RHSA-2023:4325
https://access.redhat.com/errata/RHSA-2023:4328
https://access.redhat.com/security/cve/CVE-2023-3347
https://bugzilla.redhat.com/show_bug.cgi?id=2222792
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BPCSGND7LO467AJGR5DYBGZLTCGTOBCC/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OT74M42E6C36W7PQVY3OS4ZM7DVYB64Z/
https://security.netapp.com/advisory/ntap-20230731-0010/
https://www.debian.org/security/2023/dsa-5477
https://www.samba.org/samba/security/CVE-2023-3347.html