CVE-2022-2031

Published: 25/08/2022 Updated: 17/09/2023
CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8
VMScore: 0

Vulnerability Summary

A flaw was found in Samba. The vulnerability occurs when the KDC and the kpasswd service share a single account and set of keys, allowing them to decrypt each other's tickets. A user who has been requested to change their password can exploit this flaw to obtain and use tickets to other services.

Vulnerable Product

samba samba

Vendor Advisories

Debian Bug report logs - #1016449: samba: CVE-2022-2031 CVE-2022-32742 CVE-2022-32744 CVE-2022-32745 CVE-2022-32746. Package: src:samba; Maintainer for src:samba is Debian Samba Maintainers <pkg-samba-maint@lists.alioth.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Sun, 31 Jul 2022 19:42:02 UT ...
Several security issues were fixed in Samba ...
Several vulnerabilities have been discovered in Samba, a SMB/CIFS file, print, and login server for Unix. CVE-2022-2031: Luke Howard reported that Samba AD users can bypass certain restrictions associated with changing passwords. A user who has been requested to change their password can exploit this to obtain and use tickets to oth ...
Severity Unknown Remote Unknown Type Unknown Description AVG-2782 samba 4163-1 4164-1 Unknown Fixed ...