SAMBA Patches High-Severity Vulnerability

April 2, 2023

Samba has released software updates to address a variety of vulnerabilities. One of them, classified as high-severity, can allow attackers to gain access to information from a Samba AD DC.

The High-Severity Vulnerabilities

  • CVE-2022-38023 (CVSS score: 7.7) – Confidential attribute disclosure vulnerability. Successful exploitation might allow an attacker to obtain confidential BitLocker recovery keys from a Samba AD DC.

Affected Versions

  • All versions of Samba since 4.0 prior to 4.16.10, 4.17.7, 4.18.1.

Mitigation

CYREBRO recommends updating Samba as soon as possible to the latest versions available (4.16.10, 4.17.7, 4.18.1) to mitigate the vulnerabilities.
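A branch-aware check of the version ranges listed above, as an added example (not code from Samba or CYREBRO); the function names and the sample inventory are constructed for illustration. It compares upstream version numbers only, so a distribution package that carries a backported fix under an older version number will still be reported as affected.

```python
import re

# Fixed release per branch, taken from the advisory text above.
FIXED = {(4, 16): 10, (4, 17): 7, (4, 18): 1}
NEWEST_FIXED_BRANCH = max(FIXED)

_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)")


def parse_version(text):
    """Extract (major, minor, patch) from e.g. 'Version 4.17.5-Debian'."""
    m = _VERSION_RE.search(text)
    if not m:
        raise ValueError(f"no Samba version found in {text!r}")
    return tuple(int(p) for p in m.groups())


def classify(text):
    """Return 'affected', 'patched' or 'not-affected' for a version string."""
    major, minor, patch = parse_version(text)
    branch = (major, minor)
    if branch < (4, 0):
        return "not-affected"   # the advisory covers 4.0 and later only
    if branch in FIXED:
        return "patched" if patch >= FIXED[branch] else "affected"
    if branch > NEWEST_FIXED_BRANCH:
        return "patched"        # assumption: later branches carry the fix
    return "affected"           # older branch, no fixed release listed for it


def scan(inventory):
    """Map host -> status for 'host<TAB>version output' lines."""
    results = {}
    for line in inventory.strip().splitlines():
        host, _, version_text = line.partition("\t")
        results[host.strip()] = classify(version_text)
    return results


# Constructed sample inventory (hostnames and versions are illustrative).
SAMPLE = """\
dc01\tVersion 4.17.5-Debian
dc02\tVersion 4.16.10
dc03\tVersion 4.15.13-Ubuntu
dc04\tVersion 4.18.1
files01\tVersion 3.6.25
"""

if __name__ == "__main__":
    for host, status in scan(SAMPLE).items():
        print(f"{host}: {status}")
```

Comparing per branch matters here: 4.17.5 is numerically higher than the fixed 4.16.10 but is still affected, because its own branch was only fixed in 4.17.7.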

References: Samba Security Advisory
