Versions
Affects samba v4.10.0 to 4.15.1, Fixed in samba v4.15.2, v4.14.10 and v4.13.14.
4.19.1
samba 4.15.2, samba 4.14.10, samba 4.13.14
4.17.12
Affects all versions since samba 4.0 | Fixedin samba v4.15.2, v4.14.10 and v4.13.14
Affects samba file server before v4.15.0, Fixed in samba v4.15.0
Affected-All versions since Samba 4.0.0, Fixed-In-v4.15.2, v4.14.10 and v4.13.14
samba 4.11.15, samba 4.12.9, samba 4.13.1
samba 4.1 and newer
Versions prior to samba 4.16.4, samba 4.15.9, samba 4.14.14
Affects samba since 4.17.0, Fixed samba 4.17.2.
Fixed in samba 4.15.11, samba 4.16.6, samba 4.17.2.
Affects Samba 4.1 and newer.
samba 4.14.1, samba 4.13.6, samba 4.12.13
4.18.8
All versions of Samba prior to 4.15.5
All Samba versions before 4.10.17, 4.11.11, 4.12.4
samba 4.18.1, samba 4.17.7, samba 4.16.10
Affects Samba v4.0.0 and later, Fixed in samba v4.13.17, v4.14.12, v4.15.4.
Samba 4.1 and newer
Fixed in samba 4.15.13, samba 4.16.8, samba 4.15.13
All samba versions before 4.11.15, before 4.12.9 and before 4.13.1
All Samba versions before 4.10.17, before 4.11.11 and before 4.12.4
All versions from 4.0.0 onwards
Fixed in samba 4.13.12, samba 4.14.8
Recent CVEs
CVE-2023-4154
A design flaw was found in Samba's DirSync control implementation, which exposes passwords and secrets in Active Directory to privileged users and Read-Only Domain Controllers (RODCs). This flaw allows RODCs and users possessing the GET_CHANGES right to access all attributes, including sensitive secrets and passwords. Even in a default setup, RODC DC accounts, which should only replicate some passwords, can gain access to all domain secrets, including the vital krbtgt, effectively eliminating the RODC / DC distinction. Furthermore, the vulnerability fails to account for error conditions (fail open), like out-of-memory situations, potentially granting access to secret attributes, even under low-privileged attacker influence.
CVE-2023-0614
The fix in 4.6.16, 4.7.9, 4.8.4 and 4.9.7 for CVE-2018-10919 Confidential attribute disclosure vi LDAP filters was insufficient and an attacker may be able to obtain confidential BitLocker recovery keys from a Samba AD DC.
CVE-2023-0225
A flaw was found in Samba. An incomplete access check on dnsHostName allows authenticated but otherwise unprivileged users to delete this attribute from any object in the directory.
CVE-2023-0922
The Samba AD DC administration tool, when operating against a remote LDAP server, will by default send new or reset passwords over a signed-only connection.
CVE-2021-20251
A flaw was found in samba. A race condition in the password lockout code may lead to the risk of brute force attacks being successful if special conditions are met.
CVE-2022-45141
Since the Windows Kerberos RC4-HMAC Elevation of Privilege Vulnerability was disclosed by Microsoft on Nov 8 2022 and per RFC8429 it is assumed that rc4-hmac is weak, Vulnerable Samba Active Directory DCs will issue rc4-hmac encrypted tickets despite the target server supporting better encryption (eg aes256-cts-hmac-sha1-96).
CVE-2018-14628
An information leak vulnerability was discovered in Samba's LDAP server. Due to missing access control checks, an authenticated but unprivileged attacker could discover the names and preserved attributes of deleted objects in the LDAP store.
CVE-2022-3437
A heap-based buffer overflow vulnerability was found in Samba within the GSSAPI unwrap_des() and unwrap_des3() routines of Heimdal. The DES and Triple-DES decryption routines in the Heimdal GSSAPI library allow a length-limited write buffer overflow on malloc() allocated memory when presented with a maliciously small packet. This flaw allows a remote user to send specially crafted malicious data to the application, possibly resulting in a denial of service (DoS) attack.
CVE-2022-3592
A symlink following vulnerability was found in Samba, where a user can create a symbolic link that will make 'smbd' escape the configured share path. This flaw allows a remote user with access to the exported part of the file system under a share via SMB1 unix extensions or NFS to create symlinks to files outside the 'smbd' configured share path and gain access to another restricted server's filesystem.
CVE-2022-1615
In Samba, GnuTLS gnutls_rnd() can fail and give predictable random values.