CVE-2023-4154

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2023-4154
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-4154.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2023-4154
Downstream
Related
Published
2023-11-07T19:14:28.305Z
Modified
2026-06-18T03:57:25.402474051Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
Samba: ad dc password exposure to privileged users and rodcs
Details

A design flaw was found in Samba's DirSync control implementation, which exposes passwords and secrets in Active Directory to privileged users and Read-Only Domain Controllers (RODCs). This flaw allows RODCs and users possessing the GET_CHANGES right to access all attributes, including sensitive secrets and passwords. Even in a default setup, RODC DC accounts, which should only replicate some passwords, can gain access to all domain secrets, including the vital krbtgt, effectively eliminating the RODC / DC distinction. Furthermore, the vulnerability fails to account for error conditions (fail open), like out-of-memory situations, potentially granting access to secret attributes, even under low-privileged attacker influence.

Database specific 
{
    "cna_assigner": "redhat",
    "cwe_ids": [
        "CWE-787"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/4xxx/CVE-2023-4154.json"
}
References

Affected packages

Git / github.com/samba-team/samba

Affected ranges

Type
GIT
Repo
https://github.com/samba-team/samba
Events
Introduced
df33344d8eb40221d60c99931690703a11d91bc2
Fixed
7ec207cd4146919e4ee88e5522647c169baf6922
Introduced
a597a8767fabfe85ee0bcf869407e770a0c3e184
Fixed
f1c0d4f1feb8105d22307e29150e0b7d59b5fed9
Introduced
b7921852ad6ac048abbbe577b9faced2d694c685
Fixed
d9e90993b4049bac99227c8f3c8823df45f7f46d
Database specific 
{
    "source": "CPE_RANGE",
    "extracted_events": [
        {
            "introduced": "4.0.0"
        },
        {
            "fixed": "4.17.12"
        },
        {
            "introduced": "4.18.0"
        },
        {
            "fixed": "4.18.8"
        },
        {
            "introduced": "4.19.0"
        },
        {
            "fixed": "4.19.1"
        }
    ],
    "cpe": "cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*"
}

Affected versions

ldb-2.*
ldb-2.7.2
samba-4.*
samba-4.18.0
samba-4.18.1
samba-4.18.2
samba-4.18.3
samba-4.18.4
samba-4.18.6
samba-4.18.7
samba-4.19.0

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-4154.json"