Amazon Linux 2023 Security Advisory: ALAS-2023-316
Advisory Release Date: 2023-08-17 11:20 Pacific
Advisory Updated Date: 2023-08-23 22:30 Pacific
When doing NTLM authentication, the client sends replies to cryptographic challenges back to the server. These replies have variable length. Winbind did not properly bounds-check the LAN Manager response length, which is still part of the protocol even though the LAN Manager version is no longer used.

If the system is running Samba's ntlm_auth as an authentication backend for services like Squid (or a very unusual configuration with FreeRADIUS), the vulnerability is remotely exploitable.

If not so configured, or to exploit this vulnerability locally, the user must have access to the privileged winbindd UNIX domain socket (a subdirectory named 'winbindd_privileged' under the "state directory", as set in smb.conf).

This access is normally only given to special system services like Squid or FreeRADIUS that use this feature. (CVE-2022-2127)
SMB2 packet signing not enforced
NOTE: https://www.samba.org/samba/security/CVE-2023-3347.html (CVE-2023-3347)
Samba Spotlight mdssvc RPC Request Infinite Loop Denial-of-Service Vulnerability
NOTE: https://www.samba.org/samba/security/CVE-2023-34966.html (CVE-2023-34966)
Samba Spotlight mdssvc RPC Request Type Confusion Denial-of-Service Vulnerability
NOTE: https://www.samba.org/samba/security/CVE-2023-34967.html (CVE-2023-34967)
Spotlight server-side Share Path Disclosure
NOTE: https://www.samba.org/samba/security/CVE-2023-34968.html (CVE-2023-34968)
Affected Packages:
samba
Issue Correction:
Run dnf update samba --releasever 2023.1.20230823 to update your system.
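To confirm the correction took effect, the following added example (not part of the advisory and not Amazon's or Samba's tooling) lists installed Samba packages older than the fixed 4.17.10-0.amzn2023.0.1 build and checks that the winbindd_privileged directory is closed to other users. It assumes GNU `sort -V` is an adequate stand-in for RPM version ordering and that "no permissions for other" is the intended mode; the function names are hypothetical and the sample package lines are constructed.

```bash
#!/usr/bin/env bash
# Added example: audit a host against ALAS-2023-316 (function names are hypothetical).
FIXED_EVR="4.17.10-0.amzn2023.0.1"   # version-release of the fixed packages in this advisory

# Constructed sample of `rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n'` output.
SAMPLE_RPMS='samba 4.17.5-1.amzn2023.0.2
samba-winbind 4.17.10-0.amzn2023.0.1
libwbclient 4.17.10-0.amzn2023.0.0
openssl 3.0.8-1.amzn2023.0.3'

# True if version-release $1 sorts before $2. Assumption: GNU `sort -V`
# approximates RPM ordering closely enough for these strings (no epochs).
evr_lt() {
    [ "$1" != "$2" ] &&
        [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$1" ]
}

# Read "name version-release" lines; print packages whose names match the
# samba package family in this advisory and that are older than the fixed build.
outdated_samba() {
    while read -r name evr; do
        case "$name" in
            samba|samba-*|python3-samba*|libsmbclient*|libwbclient*|libnetapi*)
                if evr_lt "$evr" "$FIXED_EVR"; then echo "$name $evr"; fi ;;
        esac
    done
}

# True if directory $1 grants no permission bits to "other"; 2 if it is missing.
privileged_dir_ok() {
    local mode
    mode=$(stat -c '%a' "$1" 2>/dev/null) || return 2
    [ $(( 0$mode & 07 )) -eq 0 ]
}

case "${1:-}" in
    --demo)  printf '%s\n' "$SAMPLE_RPMS" | outdated_samba ;;
    --audit) rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n' | outdated_samba
             state_dir=$(testparm -s --parameter-name='state directory' 2>/dev/null)
             privileged_dir_ok "$state_dir/winbindd_privileged" ||
                 echo "review access to $state_dir/winbindd_privileged" ;;
esac
```

Run it with `--audit` on the host after updating; `--demo` runs the package check over the constructed sample only.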
aarch64:
libnetapi-4.17.10-0.amzn2023.0.1.aarch64
samba-test-debuginfo-4.17.10-0.amzn2023.0.1.aarch64
samba-common-libs-4.17.10-0.amzn2023.0.1.aarch64
python3-samba-dc-4.17.10-0.amzn2023.0.1.aarch64
python3-samba-debuginfo-4.17.10-0.amzn2023.0.1.aarch64
samba-client-libs-debuginfo-4.17.10-0.amzn2023.0.1.aarch64
libsmbclient-devel-4.17.10-0.amzn2023.0.1.aarch64
libwbclient-debuginfo-4.17.10-0.amzn2023.0.1.aarch64
samba-test-4.17.10-0.amzn2023.0.1.aarch64
samba-winbind-krb5-locator-4.17.10-0.amzn2023.0.1.aarch64
samba-libs-debuginfo-4.17.10-0.amzn2023.0.1.aarch64
samba-winbind-4.17.10-0.amzn2023.0.1.aarch64
samba-dc-libs-4.17.10-0.amzn2023.0.1.aarch64
samba-dcerpc-debuginfo-4.17.10-0.amzn2023.0.1.aarch64
samba-winbind-debuginfo-4.17.10-0.amzn2023.0.1.aarch64
samba-debuginfo-4.17.10-0.amzn2023.0.1.aarch64
python3-samba-test-4.17.10-0.amzn2023.0.1.aarch64
samba-libs-4.17.10-0.amzn2023.0.1.aarch64
samba-krb5-printing-4.17.10-0.amzn2023.0.1.aarch64
samba-test-libs-4.17.10-0.amzn2023.0.1.aarch64
samba-winbind-modules-4.17.10-0.amzn2023.0.1.aarch64
python3-samba-4.17.10-0.amzn2023.0.1.aarch64
samba-winbind-clients-4.17.10-0.amzn2023.0.1.aarch64
samba-debugsource-4.17.10-0.amzn2023.0.1.aarch64
samba-common-libs-debuginfo-4.17.10-0.amzn2023.0.1.aarch64
samba-common-tools-4.17.10-0.amzn2023.0.1.aarch64
samba-common-tools-debuginfo-4.17.10-0.amzn2023.0.1.aarch64
samba-test-libs-debuginfo-4.17.10-0.amzn2023.0.1.aarch64
samba-ldb-ldap-modules-debuginfo-4.17.10-0.amzn2023.0.1.aarch64
samba-client-libs-4.17.10-0.amzn2023.0.1.aarch64
samba-winbind-krb5-locator-debuginfo-4.17.10-0.amzn2023.0.1.aarch64
libsmbclient-4.17.10-0.amzn2023.0.1.aarch64
samba-client-debuginfo-4.17.10-0.amzn2023.0.1.aarch64
samba-4.17.10-0.amzn2023.0.1.aarch64
samba-winbind-clients-debuginfo-4.17.10-0.amzn2023.0.1.aarch64
libsmbclient-debuginfo-4.17.10-0.amzn2023.0.1.aarch64
python3-samba-dc-debuginfo-4.17.10-0.amzn2023.0.1.aarch64
libnetapi-debuginfo-4.17.10-0.amzn2023.0.1.aarch64
samba-dc-libs-debuginfo-4.17.10-0.amzn2023.0.1.aarch64
samba-vfs-iouring-4.17.10-0.amzn2023.0.1.aarch64
samba-dcerpc-4.17.10-0.amzn2023.0.1.aarch64
samba-client-4.17.10-0.amzn2023.0.1.aarch64
libwbclient-4.17.10-0.amzn2023.0.1.aarch64
samba-winbind-modules-debuginfo-4.17.10-0.amzn2023.0.1.aarch64
samba-devel-4.17.10-0.amzn2023.0.1.aarch64
samba-ldb-ldap-modules-4.17.10-0.amzn2023.0.1.aarch64
libnetapi-devel-4.17.10-0.amzn2023.0.1.aarch64
samba-vfs-iouring-debuginfo-4.17.10-0.amzn2023.0.1.aarch64
libwbclient-devel-4.17.10-0.amzn2023.0.1.aarch64
samba-krb5-printing-debuginfo-4.17.10-0.amzn2023.0.1.aarch64
samba-tools-4.17.10-0.amzn2023.0.1.aarch64
python3-samba-devel-4.17.10-0.amzn2023.0.1.aarch64
samba-usershares-4.17.10-0.amzn2023.0.1.aarch64
noarch:
samba-pidl-4.17.10-0.amzn2023.0.1.noarch
samba-common-4.17.10-0.amzn2023.0.1.noarch
src:
samba-4.17.10-0.amzn2023.0.1.src
x86_64:
python3-samba-debuginfo-4.17.10-0.amzn2023.0.1.x86_64
libnetapi-debuginfo-4.17.10-0.amzn2023.0.1.x86_64
samba-common-libs-4.17.10-0.amzn2023.0.1.x86_64
samba-client-libs-debuginfo-4.17.10-0.amzn2023.0.1.x86_64
samba-winbind-clients-4.17.10-0.amzn2023.0.1.x86_64
libwbclient-debuginfo-4.17.10-0.amzn2023.0.1.x86_64
python3-samba-dc-4.17.10-0.amzn2023.0.1.x86_64
samba-winbind-modules-debuginfo-4.17.10-0.amzn2023.0.1.x86_64
samba-test-libs-debuginfo-4.17.10-0.amzn2023.0.1.x86_64
libnetapi-4.17.10-0.amzn2023.0.1.x86_64
samba-winbind-clients-debuginfo-4.17.10-0.amzn2023.0.1.x86_64
samba-common-libs-debuginfo-4.17.10-0.amzn2023.0.1.x86_64
samba-common-tools-debuginfo-4.17.10-0.amzn2023.0.1.x86_64
samba-winbind-4.17.10-0.amzn2023.0.1.x86_64
samba-test-debuginfo-4.17.10-0.amzn2023.0.1.x86_64
samba-libs-debuginfo-4.17.10-0.amzn2023.0.1.x86_64
samba-winbind-debuginfo-4.17.10-0.amzn2023.0.1.x86_64
python3-samba-dc-debuginfo-4.17.10-0.amzn2023.0.1.x86_64
samba-libs-4.17.10-0.amzn2023.0.1.x86_64
libsmbclient-debuginfo-4.17.10-0.amzn2023.0.1.x86_64
python3-samba-test-4.17.10-0.amzn2023.0.1.x86_64
samba-client-4.17.10-0.amzn2023.0.1.x86_64
samba-dcerpc-debuginfo-4.17.10-0.amzn2023.0.1.x86_64
samba-4.17.10-0.amzn2023.0.1.x86_64
samba-test-4.17.10-0.amzn2023.0.1.x86_64
samba-debugsource-4.17.10-0.amzn2023.0.1.x86_64
samba-client-debuginfo-4.17.10-0.amzn2023.0.1.x86_64
samba-debuginfo-4.17.10-0.amzn2023.0.1.x86_64
libsmbclient-4.17.10-0.amzn2023.0.1.x86_64
samba-common-tools-4.17.10-0.amzn2023.0.1.x86_64
samba-devel-4.17.10-0.amzn2023.0.1.x86_64
samba-dcerpc-4.17.10-0.amzn2023.0.1.x86_64
samba-client-libs-4.17.10-0.amzn2023.0.1.x86_64
python3-samba-4.17.10-0.amzn2023.0.1.x86_64
libsmbclient-devel-4.17.10-0.amzn2023.0.1.x86_64
samba-winbind-modules-4.17.10-0.amzn2023.0.1.x86_64
samba-winbind-krb5-locator-debuginfo-4.17.10-0.amzn2023.0.1.x86_64
samba-test-libs-4.17.10-0.amzn2023.0.1.x86_64
samba-dc-libs-debuginfo-4.17.10-0.amzn2023.0.1.x86_64
samba-ldb-ldap-modules-debuginfo-4.17.10-0.amzn2023.0.1.x86_64
libnetapi-devel-4.17.10-0.amzn2023.0.1.x86_64
samba-vfs-iouring-debuginfo-4.17.10-0.amzn2023.0.1.x86_64
libwbclient-4.17.10-0.amzn2023.0.1.x86_64
libwbclient-devel-4.17.10-0.amzn2023.0.1.x86_64
samba-dc-libs-4.17.10-0.amzn2023.0.1.x86_64
samba-ldb-ldap-modules-4.17.10-0.amzn2023.0.1.x86_64
samba-winbind-krb5-locator-4.17.10-0.amzn2023.0.1.x86_64
samba-vfs-iouring-4.17.10-0.amzn2023.0.1.x86_64
samba-krb5-printing-debuginfo-4.17.10-0.amzn2023.0.1.x86_64
samba-krb5-printing-4.17.10-0.amzn2023.0.1.x86_64
samba-tools-4.17.10-0.amzn2023.0.1.x86_64
python3-samba-devel-4.17.10-0.amzn2023.0.1.x86_64
samba-usershares-4.17.10-0.amzn2023.0.1.x86_64