When doing NTLM authentication, the client sends replies tocryptographic challenges back to the server. These replieshave variable length. Winbind did not properly bounds-checkthe lan manager response length, which despite the lanmanager version no longer being used is still part of theprotocol.If the system is running Samba's ntlm_auth as authentication backendfor services like Squid , the vulnarebility is remotely exploitableIf not so configured, or to exploit this vulnerability locally, theuser must have access to the privileged winbindd UNIX domainsocket .This access is normally only given so special system services likeSquid or FreeRADIUS, that use this feature. SMB2 packet signing not enforcedNOTE: https://www.samba.org/samba/security/CVE-2023-3347.html Samba Spotlight mdssvc RPC Request Infinite Loop Denial-of-Service VulnerabilityNOTE: https://www.samba.org/samba/security/CVE-2023-34966.html Samba Spotlight mdssvc RPC Request Type Confusion Denial-of-Service VulnerabilityNOTE: https://www.samba.org/samba/security/CVE-2023-34967.html Spotlight server-side Share Path DisclosureNOTE: https://www.samba.org/samba/security/CVE-2023-34968.html