Advisory for Samba Security Update

  • NIC-CERT/2022-08/337
  • Date: 2022-08-01
  • CVE ID: Multiple
  • Severity: High

Description:

CVE-2022-2031

The KDC and the kpasswd service share a single account and set of keys, allowing them to decrypt each other's tickets. A user who has been requested to change their password can exploit this to obtain and use tickets to other services.

CVE-2022-32742

An SMB1 client with write access to a share can cause server memory contents to be written into a file or printer.

CVE-2022-32744

The KDC accepts kpasswd requests encrypted with any key known to it. By encrypting forged kpasswd requests with their own key, a user can change the passwords of other users, enabling full domain takeover.

CVE-2022-32745

Samba AD users can cause the server to access uninitialized data with an LDAP add or modify request, usually resulting in a segmentation fault.

CVE-2022-32746

The AD DC database audit logging module can be made to access LDAP message values that have been freed by a preceding database module, resulting in a use-after-free. This is only possible when modifying certain privileged attributes, such as userAccountControl.

Security Issues Fixed:

CVE Id | Vulnerable Versions
CVE-2022-2031 | All versions of Samba prior to 4.16.4
CVE-2022-32742 | All versions of Samba
CVE-2022-32744 | Samba 4.3 and later
CVE-2022-32745 | Samba 4.16, 4.15.2, 4.14.10, 4.13.14, and later
CVE-2022-32746 | All versions of Samba prior to 4.16.4

Affected Products and Solution:

Patches addressing these issues have been posted to:

https://www.samba.org/samba/security/

Additionally, Samba 4.16.4, 4.15.9, and 4.14.14 have been issued as security releases to correct these defects. Samba administrators are advised to upgrade to one of these releases or apply the patches as soon as possible.
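
The following added example (not part of the original advisory) maps an installed Samba version to the CVEs listed above that still apply to it, using the vulnerable-version table and the three security releases. The function names and sample version strings are constructed for illustration. It assumes that the CVE-2022-32745 entry gives the first affected patch level in each branch and that branches newer than 4.16 already contain the fixes.

```python
import re

# Security releases named in the advisory: branch -> first fixed patch level.
FIXED = {(4, 14): 14, (4, 15): 9, (4, 16): 4}
# CVE-2022-32745 row of the table, read as branch -> first affected patch level.
CVE_32745_FIRST = {(4, 13): 14, (4, 14): 10, (4, 15): 2, (4, 16): 0}


def parse_version(text):
    """Return (major, minor, patch) from text such as 'Version 4.15.13-Ubuntu'."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", text)
    if m is None:
        raise ValueError(f"no Samba version found in {text!r}")
    return tuple(int(part) for part in m.groups())


def is_fixed(version):
    """True if the version is at or past the security release for its branch."""
    branch, patch = version[:2], version[2]
    if branch in FIXED:
        return patch >= FIXED[branch]
    # Assumption: branches newer than 4.16 already carry the fixes.
    return branch > (4, 16)


def open_cves(version):
    """List the advisory's CVEs whose 'Vulnerable Versions' entry covers version."""
    if is_fixed(version):
        return []
    branch, patch = version[:2], version[2]
    # Every unfixed version is "prior to 4.16.4"; CVE-2022-32742 covers all versions.
    cves = ["CVE-2022-2031", "CVE-2022-32742", "CVE-2022-32746"]
    if branch >= (4, 3):  # "Samba 4.3 and later"
        cves.append("CVE-2022-32744")
    first = CVE_32745_FIRST.get(branch)
    if first is not None and patch >= first:
        cves.append("CVE-2022-32745")
    return sorted(cves)


if __name__ == "__main__":
    # Constructed sample strings in the style of `smbd --version` output.
    for line in ("Version 4.16.4", "Version 4.15.8", "Version 4.13.17-Debian"):
        version = parse_version(line)
        print(line, "->", open_cves(version) or "fixed release")
```

Distribution packages often backport security patches without changing the upstream version number, so a result from this check should be confirmed against the vendor's own advisory for the installed package.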

References:

https://www.samba.org/samba/security/CVE-2022-2031.html

https://www.samba.org/samba/security/CVE-2022-32742.html

https://www.samba.org/samba/security/CVE-2022-32744.html

https://www.samba.org/samba/security/CVE-2022-32745.html

https://www.samba.org/samba/security/CVE-2022-32746.html

https://www.samba.org/samba/history/security.html