Mageia: OpenSSL Vulnerabilities and SSL Protocol Weaknesses 2023-0011

mageia

January 24, 2023

There is a limited write heap buffer overflow in the GSSAPI unwrap_des() and unwrap_des3() routines of Heimdal (included in Samba)

Summary

There is a limited write heap buffer overflow in the GSSAPI unwrap_des() and unwrap_des3() routines of Heimdal (included in Samba). Some SMB1 write requests were not correctly range checked to ensure the client had sent enough data to fulfill the write, allowing server memory contents to be written into the file (or printer) instead of client supplied data. The client cannot control the area of the server memory that is written to the file (or printer) (CVE-2022-3437)
A symlink following vulnerability was found in Samba, where a user can create a symbolic link that will make 'smbd' escape the configured share path. This flaw allows a remote user with access to the exported part of the file system under a share via SMB1 unix extensions or NFS to create symlinks to files outside the 'smbd' configured share path and gain access to another restricted server's filesystem. (CVE-2022-3592)
Active directory elevation of privilege vulnerability (CVE-2022-37966)
Active directory elevation of ...

Read the Full Advisory

References

- https://bugs.mageia.org/show_bug.cgi?id=30843

- https://lists.suse.com/pipermail/sle-security-updates/2022-September/012209.html

- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/YOHL3O2H4FYUTUK2D4PURO24UAX3EBPW/

- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/RWT32WRO3GIUCYYBMM7WJSBXB7UVCOAU/

- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/FXHIAIPMFZWDIVEPCU6MTIM33HSORPOQ/

- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/VCTYD5EQRS73QZTWPOC2ZO2FL7MMYXMS/

- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/G2CYDXPFBQES2Z4KLZDILGXFFQ3VIGZ4/

- https://www.cve.org/CVERecord?id=CVE-2022-3437

- https://www.cve.org/CVERecord?id=CVE-2022-3592

- https://www.cve.org/CVERecord?id=CVE-2022-37966

- https://www.cve.org/CVERecord?id=CVE-2022-37967

- https://www.cve.org/CVERecord?id=CVE-2022-38023

- https://www.cve.org/CVERecord?id=CVE-2022-42898

- https://www.cve.org/CVERecord?id=CVE-2022-45141

Topics Covered

security advisory buffer overflow remote access samba access issue moderate severity mageia

Resolution

SRPMS

- 8/core/ldb-2.5.2-1.mga8

- 8/core/samba-4.16.8-1.mga8

- 8/core/sssd-2.4.0-1.5.mga8

- 8/core/talloc-2.3.4-1.mga8

- 8/core/tdb-1.4.7-2.mga8

- 8/core/tevent-0.12.1-1.mga8

Severity

important

Lowest

Low

Medium

High

Critical

Publication date: 24 Jan 2023

URL: https://advisories.mageia.org/MGASA-2023-0010.html

Type: security

CVE: CVE-2022-3437, CVE-2022-3592, CVE-2022-37966, CVE-2022-37967, CVE-2022-38023, CVE-2022-42898, CVE-2022-45141

Topics Covered

security advisory buffer overflow remote access samba access issue moderate severity mageia

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!

Like staying secure? So do we.
Sign up for updates, tips, and alerts!

Topics Covered

Topics Covered

Search News & Updates

Recent Searches

Search Advisories & Updates

Recent Searches

Get the latest News and Insights

Our Top Picks