Critical Samba vulnerabilities easily allow hacking of servers

Samba is a free software project that runs on operating systems that are similar to UNIX and supports the Windows file sharing protocol. This protocol once went by the name SMB, but it was renamed CIFS a little while later. Computers running GNU/Linux, Mac OS X, or Unix in general may be perceived as servers or communicate with other computers in Windows-based networks in this fashion, making it possible for these machines to perform either role.

Samba has recently been found to have several security flaws, any one of which might possibly let an attacker obtain access to sensitive data. This poses a substantial danger to the system’s security.

CVE-2023-0614 (CVSSv3 score of 7.7): Access-controlled AD LDAP attributes can be found

The vulnerability known as CVE-2023-0614 has been discovered, and it enables attackers to access and possibly gain private information, such as BitLocker recovery keys, from a Samba AD DC. As the remedy for the prior vulnerability, CVE-2018-10919, was inadequate, companies that store such secrets in their Samba AD should assume that they have been compromised and need to be replaced.

Impact: The exposure of secret information has the potential to result in unauthorized access to sensitive resources, which presents a severe threat to the organization’s security.

All Samba releases since the 4.0 version are impacted by this issue.

Workaround: The solution that is proposed is to avoid storing sensitive information in Active Directory, with the exception of passwords or keys that are essential for AD functioning. They are in the hard-coded secret attribute list, hence they are not vulnerable to the vulnerability.

CVE-2023-0922 (CVSSv3 score of 5.9): 

They are in the hard-coded secret attribute list, hence they are not vulnerable to the vulnerability.
This vulnerability, identified as CVE-2023-0922, affects the Samba AD DC administrative tool known as samba-tool. By default, this tool transmits credentials in plaintext whenever it is used to perform operations against a remote LDAP server. When samba-tool is used to reset a user’s password or add a new user, this vulnerability is triggered. It might theoretically enable an attacker to intercept the freshly set passwords by analyzing network traffic.

The transmission of passwords in plain text opens up the possibility of unwanted access to critical information and puts the security of the whole network at risk.

All versions of Samba released after 4.0 are included in this category.

Workaround: To reduce the risk of exploiting this issue, change the smb.conf file to include the line “client ldap sasl wrapping = seal,” or add the —option=clientldapsaslwrapping=sign option to each samba-tool or ldbmodify invocation that sets a password.

As is the case with vulnerabilities in other software, those in Samba may put an organization’s security at severe risk. Administrators of Samba are strongly encouraged to update to these versions or to install the patch as soon as reasonably practical.