CERT-In Vulnerability Note
CIVN-2022-0309
Multiple vulnerabilities in Samba
Original Issue Date: July 29, 2022
Severity Rating: HIGH
Software Affected
- Samba versions prior to 4.16.4
- Samba versions prior to 4.15.9
- Samba versions prior to 4.14.14
Overview
Multiple vulnerabilities have been reported in Samba, which could allow an attacker to gain elevated privileges, cause denial of service, disclose sensitive information and bypass security restrictions on the targeted system.
Description
1. Privilege Escalation Vulnerability (CVE-2022-2031)
This vulnerability exists in Samba due to a flaw in which the KDC and the kpasswd service share a single account and set of keys. An attacker could exploit this vulnerability by sending a specially-crafted request to obtain and use tickets to other services. Successful exploitation of this vulnerability could allow an attacker to gain elevated privileges by obtaining and using tickets to other services on the targeted system.
2. Information Disclosure Vulnerability (CVE-2022-32742)
This vulnerability exists in Samba due to a memory leak when handling SMB1 requests. An attacker could exploit this vulnerability by sending a specially-crafted request to write data to a file or printer share. Successful exploitation of this vulnerability could allow an attacker to disclose sensitive information on the targeted system.
3. Security Bypass Vulnerability (CVE-2022-32744)
This vulnerability exists in Samba due to a flaw in the kpasswd service. An attacker could exploit this vulnerability by sending a specially-crafted request to change the password of the Administrator account. Successful exploitation of this vulnerability could allow an attacker to bypass security restrictions to gain full control of the targeted system.
4. Denial of Service Vulnerability (CVE-2022-32745)
This vulnerability exists in Samba due to an infinite loop flaw when processing LDAP requests. A remote attacker could exploit this vulnerability by sending a specially-crafted LDAP add or modify request. Successful exploitation of this vulnerability could allow a remote attacker to cause a denial of service condition on the targeted system.
5. Denial of Service Vulnerability (CVE-2022-32746)
This vulnerability exists in Samba due to a use-after-free flaw when handling LDAP requests. A remote attacker could exploit this vulnerability by sending a specially-crafted LDAP request. Successful exploitation of this vulnerability could allow a remote attacker to cause a denial of service condition, which may lead to corrupted log output or a crash of the targeted system.
Solution
Apply appropriate updates as mentioned in the Samba security releases:
https://www.samba.org/samba/history/security.html
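One way to check a host against the fixed releases listed under Software Affected, as an added example that is not part of the CERT-In note or of Samba's own tooling. The function name `samba_status` is hypothetical, and the script assumes that release series older than 4.14 are affected and that series newer than 4.16 already include the fixes.

```shell
#!/bin/sh
# Added example: classify a Samba version string against the fixed releases
# named in this note (4.16.4, 4.15.9, 4.14.14).

# Print "affected", "fixed" or "unknown" for a version string such as
# "Version 4.15.5-Ubuntu" (the format printed by `smbd --version`).
samba_status() {
    # Pull the first major.minor.patch triple out of the string.
    ver=$(printf '%s\n' "$1" |
        sed -n 's/^[^0-9]*\([0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\).*/\1/p')
    [ -n "$ver" ] || { echo unknown; return 0; }

    major=${ver%%.*}
    rest=${ver#*.}
    minor=${rest%%.*}
    patch=${rest#*.}

    # Assumption: series newer than 4.16 already carry the fixes.
    if [ "$major" -gt 4 ] || { [ "$major" -eq 4 ] && [ "$minor" -gt 16 ]; }; then
        echo fixed; return 0
    fi
    # Assumption: series older than 4.14 fall under "prior to 4.14.14".
    if [ "$major" -lt 4 ] || [ "$minor" -lt 14 ]; then
        echo affected; return 0
    fi

    # Remaining cases are the three series the note names.
    case "$minor" in
        16) fixed_patch=4 ;;
        15) fixed_patch=9 ;;
        14) fixed_patch=14 ;;
    esac
    if [ "$patch" -ge "$fixed_patch" ]; then echo fixed; else echo affected; fi
}

# Constructed sample strings; on a real host pass "$(smbd --version)" instead.
for sample in "Version 4.16.3" "Version 4.15.9-Debian" "Version 4.14.13" \
              "Version 4.13.17-Ubuntu" "no version here"; do
    printf '%-24s %s\n' "$sample" "$(samba_status "$sample")"
done
```

Distribution packages often backport security fixes without changing the upstream version number, so an "affected" result should be confirmed against the vendor's package changelog for the five CVEs.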
Vendor Information
Samba
https://www.samba.org
References
Samba
https://www.samba.org/samba/security/CVE-2022-2031.html
https://www.samba.org/samba/security/CVE-2022-32742.html
https://www.samba.org/samba/security/CVE-2022-32744.html
https://www.samba.org/samba/security/CVE-2022-32745.html
https://www.samba.org/samba/security/CVE-2022-32746.html
CVE Name
CVE-2022-2031
CVE-2022-32742
CVE-2022-32744
CVE-2022-32745
CVE-2022-32746
Disclaimer
The information provided herein is on "as is" basis, without warranty of any kind.
Contact Information
Email: info@cert-in.org.in Phone: +91-11-24368572
Postal address
Indian Computer Emergency Response Team (CERT-In) Ministry of Electronics and Information Technology Government of India Electronics Niketan 6, CGO Complex, Lodhi Road, New Delhi - 110 003 India