Advisory for Samba Security Update
- NIC-CERT/2022-08/337
- Date: 2022-08-01
- CVE ID: Multiple
- Severity: High
Advisory for Samba Security Update
Description:
CVE-2022-2031
The KDC and the kpasswd service share a single account and set of keys, allowing them to decrypt each other's tickets. A user who has been requested to change their password can exploit this to obtain and use tickets to other services.
CVE-2022-32742
SMB1 Client with write access to a share can cause server memory contents to be written into a file or printer.
CVE-2022-32744
The KDC accepts kpasswd requests encrypted with any key known to it. By encrypting forged kpasswd requests with its own key, a user can change the passwords of other users, enabling full domain takeover.
CVE-2022-32745
Samba AD users can cause the server to access uninitialized data with an LDAP add or modify request, usually resulting in a segmentation fault.
CVE-2022-32746
The AD DC database audit logging module can be made to access LDAP message values that have been freed by a preceding database module, resulting in a use-after-free. This is only possible when modifying certain privileged attributes, such as user Account Control.
Security Issues Fixed:
|
CVE Id |
Vulnerable Versions |
|
CVE-2022-2031 |
All versions of Samba prior to 4.16.4 |
|
CVE-2022-32742 |
All versions of Samba. |
|
CVE-2022-32744 |
Samba 4.3 and later |
|
CVE-2022-32745 |
Samba 4.16, 4.15.2, 4.14.10, 4.13.14, and later |
|
CVE-2022-32746 |
All versions of Samba prior to 4.16.4 |
Affected Products and Solution:
Patches addressing these issues have been posted to:
https://www.samba.org/samba/security/
Additionally, Samba 4.16.4, 4.15.9, and 4.14.14 have been issued as security releases to correct the defect. Samba administrators are advised to upgrade to these releases or apply the patch as soon as possible.
References:
https://www.samba.org/samba/security/CVE-2022-2031.html
https://www.samba.org/samba/security/CVE-2022-32742.html
https://www.samba.org/samba/security/CVE-2022-32744.html
https://www.samba.org/samba/security/CVE-2022-32745.html
https://www.samba.org/samba/security/CVE-2022-32746.html
https://www.samba.org/samba/history/security.html
