DSA-5205-1 samba -- samba | ID: oval:org.secpod.oval:def:86405 | Date: (C)2023-01-02 (M)2024-04-29 |
Class: PATCH | Family: unix |
Several vulnerabilities have been discovered in Samba, a SMB/CIFS file, print, and login server for Unix.

CVE-2022-2031: Luke Howard reported that Samba AD users can bypass certain restrictions associated with changing passwords. A user who has been requested to change their password can exploit this to obtain and use tickets to other services.

CVE-2022-32742: Luca Moro reported that a SMB1 client with write access to a share can cause server memory content to be leaked.

CVE-2022-32744: Joseph Sutton reported that Samba AD users can forge password change requests for any user, resulting in privilege escalation.

CVE-2022-32745: Joseph Sutton reported that Samba AD users can crash the server process with a specially crafted LDAP add or modify request.

CVE-2022-32746: Joseph Sutton and Andrew Bartlett reported that Samba AD users can cause a use-after-free in the server process with a specially crafted LDAP add or modify request.
Product: |
libwbclient-dev |
samba |
libnss-winbind |
libpam-winbind |
libsmbclient |
smbclient |
winbind |
python3-samba |
libwbclient0 |
ctdb |
registry-tools |