USN-6425-1

Advisory lineage Upstream: 8 Downstream: 0

Upstream

CVE-2023-4091 CVE-2023-4154 CVE-2023-42669 CVE-2023-42670 UBUNTU-CVE-2023-4091 UBUNTU-CVE-2023-4154

Published: 10 Oct 2023, 15:01

Last modified:27 Apr 2026, 17:02

Vulnerability Summary

Overall Risk (default)

minimal

0/100

CVSS Score

No data

EPSS Score

No data

KEV

Not listed

Ransomware

No reports

Public exploits

None found

Dark Web

Not detected

Timeline

10 Oct 2023, 15:01

Published

Vulnerability first disclosed

27 Apr 2026, 17:02

Last Modified

Vulnerability information updated

Description

samba vulnerabilities Sri Nagasubramanian discovered that the Samba acl_xattr VFS module incorrectly handled read-only files. When Samba is configured to ignore system ACLs, a remote attacker could possibly use this issue to truncate read-only files. (CVE-2023-4091) Andrew Bartlett discovered that Samba incorrectly handled the DirSync control. A remote attacker with an RODC DC account could possibly use this issue to obtain all domain secrets. (CVE-2023-4154) Andrew Bartlett discovered that Samba incorrectly handled the rpcecho development server. A remote attacker could possibly use this issue to cause Samba to stop responding, resulting in a denial of service. (CVE-2023-42669) Kirin van der Veer discovered that Samba incorrectly handled certain RPC service listeners. A remote attacker could possibly use this issue to cause Samba to start multiple incompatible RPC listeners, resulting in a denial of service. This issue only affected Ubuntu 22.04 LTS, and Ubuntu 23.04. (CVE-2023-42670)

Affected Systems

ubuntu•samba
< 2:4.15.13+dfsg-0ubuntu0.20.04.6 | < 2:4.15.13+dfsg-0ubuntu1.5

USN-6425-1

Vulnerability Summary

Timeline

Description

Affected Systems

References (5)