Bugzilla – Bug 1213170
VUL-0: CVE-2023-3347: samba: SMB2 packet signing not enforced
Last modified: 2024-06-05 13:16:13 UTC
============================================================ == Subject: SMB2 packet signing not enforced == == CVE ID#: CVE-2023-3347 == == Versions: All versions starting with 4.17.0. == == Summary: SMB2 packet signing is not enforced if an == admin configured "server signing = required" == or for SMB2 connections to Domain Controllers == where SMB2 packet signing is mandatory. ============================================================ =========== Description =========== SMB2 packet signing is not enforced if an admin configured "server signing = required" or for SMB2 connections to Domain Controllers where SMB2 packet signing is mandatory. SMB2 packet signing is a mechanism that ensures the integrity and authenticity of data exchanged between a client and a server using the SMB2 protocol. It provides protection against certain types of attacks, such as man-in-the-middle attacks, where an attacker intercepts network traffic and modifies the SMB2 messages. Both client and server of an SMB2 connection can require that signing is being used. The server-side setting in Samba to configure signing to be required is "server signing = required". Note that on an Samba AD DCs this is also the default for all SMB2 connections. Unless the client requires signing which would result in signing being used on the SMB2 connection, sensitive data might have been modified by an attacker. Clients connecting to IPC$ on an AD DC will require signed connections being used, so the integrity of these connections was not affected. ================== Patch Availability ================== Patches addressing both these issues have been posted to: https://www.samba.org/samba/security/ Additionally, Samba 4.18.5, 4.17.10 and 4.16.11 have been issued as security releases to correct the defect. Samba administrators are advised to upgrade to these releases or apply the patch as soon as possible. ================== CVSSv3 calculation ================== CVSS 3.1: AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N (6.8) ========== Workaround ========== ======= Credits ======= Originally reported by Andreas Schneider of the Samba team. Patches provided by Ralph Boehme of the Samba team. ========================================================== == Our Code, Our Bugs, Our Responsibility. == The Samba Team ========================================================== https://www.samba.org/samba/security/CVE-2023-3347.html
Reassigned to security team to close it.
SUSE-SU-2023:2929-1: An update that solves six vulnerabilities and has two security fixes can now be installed. Category: security (important) Bug References: 1212375, 1213170, 1213171, 1213172, 1213173, 1213174, 1213384, 1213386 CVE References: CVE-2020-25720, CVE-2022-2127, CVE-2023-3347, CVE-2023-34966, CVE-2023-34967, CVE-2023-34968 Sources used: openSUSE Leap 15.5 (src): samba-4.17.9+git.367.dae41ffdd1f-150500.3.5.1 Basesystem Module 15-SP5 (src): samba-4.17.9+git.367.dae41ffdd1f-150500.3.5.1 SUSE Linux Enterprise High Availability Extension 15 SP5 (src): samba-4.17.9+git.367.dae41ffdd1f-150500.3.5.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
All done, closing.