CVE-2023-0614

一、漏洞信息
 漏洞编号：[CVE-2023-0614](https://nvd.nist.gov/vuln/detail/CVE-2023-0614)
 漏洞归属组件：[libldb](https://gitee.com/src-openeuler/libldb)
 漏洞归属的版本：2.0.12,2.4.1,2.6.1
 CVSS V3.0分值：
  BaseScore：6.5 Medium
  Vector：CVSS：3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
 漏洞简述：
  The fix in 4.6.16, 4.7.9, 4.8.4 and 4.9.7 for CVE-2018-10919 Confidential attribute disclosure vi LDAP filters was insufficient and an attacker may be able to obtain confidential BitLocker recovery keys from a Samba AD DC.
 漏洞公开时间：2023-04-04 07:15
 漏洞创建时间：2023-04-13 13:00:14
 漏洞详情参考链接：
  https://nvd.nist.gov/vuln/detail/CVE-2023-0614
<details>
<summary>更多参考(点击展开)</summary>

| 参考来源 | 参考链接 | 来源链接 |
| ------- | -------- | -------- |
| nvd | https://www.samba.org/samba/security/CVE-2023-0614.html |  |
| nvd | https://security.netapp.com/advisory/ntap-20230406-0007/ |  |
| redhat | https://access.redhat.com/security/cve/CVE-2023-0614 |  |
| redhat_bugzilla | https://www.samba.org/samba/history/security.html | https://bugzilla.redhat.com/show_bug.cgi?id=2182776 |
| redhat_bugzilla | https://www.samba.org/samba/security/CVE-2023-0614.html | https://bugzilla.redhat.com/show_bug.cgi?id=2182776 |
| redhat_bugzilla | https://access.redhat.com/security/cve/cve-2023-0614 | https://bugzilla.redhat.com/show_bug.cgi?id=2182776 |
| ubuntu | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0614 | https://ubuntu.com/security/CVE-2023-0614 |
| ubuntu | https://www.samba.org/samba/security/CVE-2023-0614.html | https://ubuntu.com/security/CVE-2023-0614 |
| ubuntu | https://nvd.nist.gov/vuln/detail/CVE-2023-0614 | https://ubuntu.com/security/CVE-2023-0614 |
| ubuntu | https://launchpad.net/bugs/cve/CVE-2023-0614 | https://ubuntu.com/security/CVE-2023-0614 |
| ubuntu | https://security-tracker.debian.org/tracker/CVE-2023-0614 | https://ubuntu.com/security/CVE-2023-0614 |
| ubuntu | https://bugzilla.samba.org/show_bug.cgi?id=15270 | https://ubuntu.com/security/CVE-2023-0614 |
| debian |  | https://security-tracker.debian.org/tracker/CVE-2023-0614 |
| samba |  | https://www.samba.org//samba/security/CVE-2023-0225.html |
| samba |  | https://www.samba.org//samba/security/CVE-2023-0922.html |
| samba |  | https://www.samba.org//samba/security/CVE-2023-0614.html |
| anolis |  | https://anas.openanolis.cn/cves/detail/CVE-2023-0614 |
| cve_search |  | https://www.samba.org/samba/security/CVE-2023-0614.html |
| cve_search |  | https://security.netapp.com/advisory/ntap-20230406-0007/ |
| nvd | https://www.samba.org/samba/security/CVE-2023-0614.html |  |
| nvd | https://security.netapp.com/advisory/ntap-20230406-0007/ |  |

</details>

漏洞分析指导链接：
  https://gitee.com/openeuler/cve-manager/blob/master/cve-vulner-manager/doc/md/manual.md
 漏洞数据来源:
  其它
 漏洞补丁信息：
  <details>
<summary>详情(点击展开)</summary>

| 影响的包 | 修复版本 | 修复补丁 | 问题引入补丁 | 来源  |
| ------- | -------- | ------- | -------- | --------- |
| samba | 4.18.1 | https://download.samba.orghttps://download.samba.org/pub/samba/ftp/patches/security/samba-4.18.1-security-2023-03-29.patch |  | samba |
| samba | 4.17.7 | https://download.samba.orghttps://download.samba.org/pub/samba/ftp/patches/security/samba-4.17.7-security-2023-03-29.patch |  | samba |
| samba | 4.16.10 | https://download.samba.orghttps://download.samba.org/pub/samba/ftp/patches/security/samba-4.16.10-security-2023-03-29.patch |  | samba |

</details>

二、漏洞分析结构反馈
 影响性分析说明：
  针对CVE-2018-10919机密属性泄露修复不足，攻击者可能从Samba AD DC获取机密的“bitlocker recovery key”属性，造成敏感信息泄漏。
 openEuler评分：
  6.5
 Vector：CVSS：2.0/
 受影响版本排查(受影响/不受影响)：
  1.openEuler-20.03-LTS-SP1(2.0.12):受影响
2.openEuler-20.03-LTS-SP3(2.0.12):受影响
3.openEuler-22.03-LTS(2.4.1):受影响
4.openEuler-22.03-LTS-SP1(2.6.1):受影响

修复是否涉及abi变化(是/否)：
  1.openEuler-20.03-LTS-SP1(2.0.12):是
2.openEuler-20.03-LTS-SP3(2.0.12):是
3.openEuler-22.03-LTS(2.4.1):是
4.openEuler-22.03-LTS-SP1(2.6.1):是

三、漏洞修复
安全公告链接：https://www.openeuler.org/zh/security/safety-bulletin/detail/?id=openEuler-SA-2023-1221

src-openEuler/libldb

内容风险标识

评论 (3)

src-openEuler/libldb .gitee-modal { width: 500px !important; }

内容风险标识

CVE-2023-0614

评论 (3)

搜索帮助

src-openEuler/libldb