Several vulnerabilities have been discovered in Samba, a SMB/CIFS file, print, and login server for Unix. CVE-2022-2031 Luke Howard reported that Samba AD users can bypass certain restrictions associated with changing passwords. A user who has been requested to change their password can exploit this to obtain and use tickets to other services. CVE-2022-32742 Luca Moro reported that a SMB1 client with write access to a share can cause server memory content to be leaked. CVE-2022-32744 Joseph Sutton reported that Samba AD users can forge password change requests for any user, resulting in privilege escalation. CVE-2022-32745 Joseph Sutton reported that Samba AD users can crash the server process with a specially crafted LDAP add or modify request. CVE-2022-32746 Joseph Sutton and Andrew Bartlett reported that Samba AD users can cause a use-after-free in the server process with a specially crafted LDAP add or modify request. For the stable distribution (bullseye), these problems have been fixed in version 2:4.13.13+dfsg-1~deb11u5. The fix for CVE-2022-32745 required an update to ldb 2:2.2.3-2~deb11u2 to correct the defect. We recommend that you upgrade your samba packages. For the detailed security status of samba please refer to its security tracker page at: https://security-tracker.debian.org/tracker/samba
Several vulnerabilities have been discovered in Samba, a SMB/CIFS file, print, and login server for Unix.
Luke Howard reported that Samba AD users can bypass certain restrictions associated with changing passwords. A user who has been requested to change their password can exploit this to obtain and use tickets to other services.
Luca Moro reported that a SMB1 client with write access to a share can cause server memory content to be leaked.
Joseph Sutton reported that Samba AD users can forge password change requests for any user, resulting in privilege escalation.
Joseph Sutton reported that Samba AD users can crash the server process with a specially crafted LDAP add or modify request.
Joseph Sutton and Andrew Bartlett reported that Samba AD users can cause a use-after-free in the server process with a specially crafted LDAP add or modify request.
For the stable distribution (bullseye), these problems have been fixed in version 2:4.13.13+dfsg-1~deb11u5. The fix for CVE-2022-32745 required an update to ldb 2:2.2.3-2~deb11u2 to correct the defect.
We recommend that you upgrade your samba packages.
For the detailed security status of samba please refer to its security tracker page at: https://security-tracker.debian.org/tracker/samba
Vulmon