CVE-2023-34968
Summary
| CVE | CVE-2023-34968 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2023-07-20 15:15:00 UTC |
| Updated | 2024-01-30 16:15:00 UTC |
| Description | A path disclosure vulnerability was found in Samba. As part of the Spotlight protocol, Samba discloses the server-side absolute path of shares, files, and directories in the results for search queries. This flaw allows a malicious client or an attacker with a targeted RPC request to view the information that is part of the disclosed path. |
Risk And Classification
Problem Types: NVD-CWE-noinfo
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Operating System | Debian | Debian Linux | 11.0 | All | All | All |
| Operating System | Debian | Debian Linux | 12.0 | All | All | All |
| Operating System | Fedoraproject | Fedora | 37 | All | All | All |
| Operating System | Fedoraproject | Fedora | 38 | All | All | All |
| Operating System | Redhat | Enterprise Linux | 8.0 | All | All | All |
| Operating System | Redhat | Enterprise Linux | 9.0 | All | All | All |
| Application | Redhat | Storage | 3.0 | All | All | All |
| Application | Samba | Samba | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Red Hat | access.redhat.com | ||
| [SECURITY] Fedora 38 Update: samba-4.18.5-0.fc38 - package-announce - Fedora Mailing-Lists | MISC | lists.fedoraproject.org | |
| Debian -- Security Information -- DSA-5477-1 samba | MISC | www.debian.org | |
| Red Hat | access.redhat.com | ||
| Red Hat | access.redhat.com | ||
| Red Hat | access.redhat.com | ||
| July 2023 Samba Vulnerabilities in NetApp Products | NetApp Product Security | MISC | security.netapp.com | |
| cve-details | MISC | access.redhat.com | |
| Samba - Security Announcement Archive | MISC | www.samba.org | |
| [SECURITY] Fedora 37 Update: samba-4.17.10-0.fc37 - package-announce - Fedora Mailing-Lists | MISC | lists.fedoraproject.org | |
| 2222795 – (CVE-2023-34968) CVE-2023-34968 samba: spotlight server-side share path disclosure | MISC | bugzilla.redhat.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 161079 Oracle Enterprise Linux Security Update for samba (ELSA-2023-6667)
- 161138 Oracle Enterprise Linux Security Update for samba (ELSA-2023-7139)
- 199593 Ubuntu Security Notification for Samba Vulnerabilities (USN-6238-1)
- 242329 Red Hat Update for samba security (RHSA-2023:6667)
- 242428 Red Hat Update for samba security (RHSA-2023:7139)
- 242787 Red Hat Update for samba (RHSA-2024:0580)
- 242852 Red Hat Update for samba (RHSA-2024:0423)
- 284336 Fedora Security Update for samba (FEDORA-2023-76c06c8576)
- 284369 Fedora Security Update for samba (FEDORA-2023-bcd91bfcd3)
- 355878 Amazon Linux Security Advisory for samba : ALAS2023-2023-316
- 379622 Alibaba Cloud Linux Security Update for evolution-mapi (ALINUX3-SA-2024:0037)
- 6000221 Debian Security Update for samba (DSA 5477-1)
- 6000543 Debian Security Update for samba (DSA 5647-1)
- 673600 EulerOS Security Update for samba (EulerOS-SA-2023-2869)
- 673831 EulerOS Security Update for samba (EulerOS-SA-2023-2852)
- 691226 Free Berkeley Software Distribution (FreeBSD) Security Update for samba (441e1e1a-27a5-11ee-a156-080027f5fec9)
- 710873 Gentoo Linux Samba Multiple Vulnerabilities (GLSA 202402-28)
- 754194 SUSE Enterprise Linux Security Update for samba (SUSE-SU-2023:2888-1)
- 754225 SUSE Enterprise Linux Security Update for samba (SUSE-SU-2023:3060-1)
- 755893 SUSE Enterprise Linux Security Update for samba (SUSE-SU-2023:2929-1)
- 755894 SUSE Enterprise Linux Security Update for samba (SUSE-SU-2023:2930-1)
- 941384 AlmaLinux Security Update for samba (ALSA-2023:6667)
- 941423 AlmaLinux Security Update for samba (ALSA-2023:7139)