Debian: DSA-5205-1 Critical: Samba Escalation Threat Report
debian
August 11, 2022
Several vulnerabilities have been discovered in Samba, a SMB/CIFS file, print, and login server for Unix
Topics Covered
Summary
CVE-2022-2031
Luke Howard reported that Samba AD users can bypass certain
restrictions associated with changing passwords. A user who has been
requested to change their password can exploit this to obtain and
use tickets to other services.
CVE-2022-32742
Luca Moro reported that a SMB1 client with write access to a share
can cause server memory content to be leaked.
CVE-2022-32744
Joseph Sutton reported that Samba AD users can forge password change
requests for any user, resulting in privilege escalation.
CVE-2022-32745
Joseph Sutton reported that Samba AD users can crash the server
process with a specially crafted LDAP add or modify request.
CVE-2022-32746
Joseph Sutton and Andrew Bartlett reported that Samba AD users can
cause a use-after-free in the server process with a specially
crafted LDAP add or modify request.
For the stable distribution (bullseye), these problems have been fixed in
version 2:4.13.13+dfsg-1~deb11u5. The fix for CVE-2022-32745...
PREVIOUS
NEXT
Severity
critical
Lowest
Low
Medium
High
Critical
Package: samba
CVE ID: CVE-2022-2031 CVE-2022-32742 CVE-2022-32744 CVE-2022-32745
Topics Covered
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!