FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-04-19 20:48:44 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
e86b8e4d-d551-11ed-8d1e-005056a311d1samba -- multiple vulnerabilities

The Samba Team reports:

An incomplete access check on dnsHostName allows authenticated but otherwise unprivileged users to delete this attribute from any object in the directory.

The Samba AD DC administration tool, when operating against a remote LDAP server, will by default send new or reset passwords over a signed-only connection.

The fix in 4.6.16, 4.7.9, 4.8.4 and 4.9.7 for CVE-2018-10919 Confidential attribute disclosure via LDAP filters was insufficient and an attacker may be able to obtain confidential BitLocker recovery keys from a Samba AD DC.

Installations with such secrets in their Samba AD should assume they have been obtained and need replacing.


Discovery 2023-03-29
Entry 2023-04-07
samba416
< 4.16.10

samba417
< 4.17.7

samba418
< 4.18.1

CVE-2023-0225
https://www.samba.org/samba/security/CVE-2023-0225.html
CVE-2023-0922
https://www.samba.org/samba/security/CVE-2023-0922.html
CVE-2023-0614
https://www.samba.org/samba/security/CVE-2023-0614.html