Description 小龙 2023-11-24 16:04:13 UTC

Description:
Samba的SMB2数据包签名机制中发现了一个漏洞。如果管理员配置了服务器签名=必需，或者对于到域控制器的SMB2连接（其中SMB2数据包签名是强制的），则不会强制执行SMB2数据包签名。此缺陷允许攻击者通过拦截网络流量并修改客户端和服务器之间的SMB2消息来执行攻击，例如中间人攻击，从而影响数据的完整性。

Broken commit info:

Bugfix commit info:
https://download.samba.orghttps://download.samba.org/pub/samba/ftp/patches/security/samba-4.17.10-security-2023-07-19.patch
https://download.samba.orghttps://download.samba.org/pub/samba/ftp/patches/security/samba-4.18.5-security-2023-07-19.patch
https://download.samba.orghttps://download.samba.org/pub/samba/ftp/patches/security/samba-4.16.11-security-2023-07-19.patch