These Samba vulnerabilities allow servers to be hacked

These Samba vulnerabilities allow servers to be hacked

Samba is a free software project that runs on UNIX-like operating systems and supports the Windows file sharing protocol. This protocol was once called SMB, but was renamed CIFS a bit later. Computers running GNU/Linux, Mac OS X, or Unix can generally be perceived as servers or communicate with other computers on Windows-based networks in this way, making it possible for these machines to perform any of the functions.

Samba was recently discovered to have several security flaws, any of which could allow an attacker to gain access to sensitive data. This represents a substantial danger to the security of the system.

The vulnerability known as CVE-2023-0614 has been discovered, and allows attackers to access and possibly obtain private information, such as BitLocker recovery keys, from a Samba AD DC. As the remedy for the previous vulnerability, CVE-2018-10919, was inadequate, companies that store such secrets in their Samba AD should assume that they have been compromised and need to be replaced.

Impact: The exposure of secret information has the potential to result in unauthorized access to sensitive resources, posing a serious threat to organizational security.

All Samba releases since version 4.0 are affected by this problem.

Workaround: The proposed solution is to avoid storing sensitive information in Active Directory, except for passwords or keys that are essential for AD to function. They are on the list of hardcoded secret attributes, so they are not vulnerable to the exploit.

They are on the list of hardcoded secret attributes, so they are not vulnerable to the exploit.
This vulnerability, identified as CVE-2023-0922, affects the Samba AD DC administrative tool known as samba-tool. By default, this tool transmits credentials in plain text each time it is used to perform operations on a remote LDAP server. When samba-tool is used to reset a user’s password or add a new user, this vulnerability is triggered. Theoretically, it could allow an attacker to intercept newly set passwords by analyzing network traffic.

The transmission of passwords in plain text opens the possibility of unwanted access to critical information and puts the security of the entire network at risk.

All versions of Samba released after 4.0 are included in this category.

Workaround: To reduce the risk of exploiting this issue, change the smb.conf file to include the line “client ldap sasl wrap = seal” or add the option —option=clientldapsaslwrapping=sign to each invocation of samba-tool or ldbmodify that set a password.

As with vulnerabilities in other software, those in Samba can seriously compromise the security of an organization. Samba administrators are strongly encouraged to update to these versions or install the patch as soon as reasonably practical.


Leave a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Recent News

Editor's Pick