Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2023-0225

A flaw was found in Samba. An incomplete access check on dnsHostName allows authenticated but otherwise unprivileged users to delete this attribute from any object in the directory.

Published

2023-04-03T23:15:06.907

Last Modified

2025-02-18T16:15:14.343

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 4.3 (MEDIUM)

Weaknesses

Type: Primary
CWE-732
Type: Secondary
CWE-732
Type: Secondary
CWE-732

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	samba	samba	< 4.17.7	Yes
Application	samba	samba	4.18.0	Yes
Application	samba	samba	4.18.0	Yes
Application	samba	samba	4.18.0	Yes
Application	samba	samba	4.18.0	Yes
Application	samba	samba	4.18.0	Yes

References

https://security.gentoo.org/glsa/202309-06 ([email protected])
https://security.netapp.com/advisory/ntap-20230406-0007/ Third Party Advisory ([email protected])
https://www.samba.org/samba/security/CVE-2023-0225.html Mitigation, Vendor Advisory ([email protected])
https://security.gentoo.org/glsa/202309-06 (af854a3a-2127-422b-91ae-364da2661108)
https://security.netapp.com/advisory/ntap-20230406-0007/ Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://www.samba.org/samba/security/CVE-2023-0225.html Mitigation, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)