Published: 20/07/2023 Updated: 22/04/2024

CVSS v3 Base Score: 5.9 | Impact Score: 3.6 | Exploitability Score: 2.2

VMScore: 0

An out-of-bounds read vulnerability was found in Samba due to insufficient length checks in winbindd_pam_auth_crap.c. When performing NTLM authentication, the client replies to cryptographic challenges back to the server. These replies have variable lengths, and Winbind fails to check the lan manager response length. When Winbind is used for NTLM authentication, a maliciously crafted request can trigger an out-of-bounds read in Winbind, possibly resulting in a crash.

Vulnerable Product	Search on Vulmon	Subscribe to Product
samba samba
redhat enterprise linux 7.0
redhat enterprise linux 6.0
redhat enterprise linux 8.0
redhat enterprise linux 9.0
fedoraproject fedora 37
fedoraproject fedora 38
debian debian linux 12.0

Several vulnerabilities have been discovered in Samba, which could result in information disclosure, denial of service or insufficient enforcement of security-relevant config directives The version of Samba in the oldstable distribution (bullseye) cannot be fully supported further: If you are using Samba as a domain controller you should either up ...

Synopsis Moderate: samba security, bug fix, and enhancement update Type/Severity Security Advisory: Moderate Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for samba, evolution-mapi, and openchangeis now available for Red Hat Enterprise Linux 8Red Hat ...

Synopsis Moderate: samba security update Type/Severity Security Advisory: Moderate Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for samba is now available for Red Hat Enterprise Linux 88 Extended Update SupportRed Hat Product Security has rated this ...

Synopsis Moderate: samba security, bug fix, and enhancement update Type/Severity Security Advisory: Moderate Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for samba, evolution-mapi, and openchange is now available for Red Hat Enterprise Linux 9Red Hat ...

When doing NTLM authentication, the client sends replies tocryptographic challenges back to the server These replieshave variable length Winbind did not properly bounds-checkthe lan manager response length, which despite the lanmanager version no longer being used is still part of theprotocol If the system is running Samba's ntlm_auth as authent ...

Description This CVE is under investigation by Red Hat Product Security ...

CWE-125 https://www.samba.org/samba/security/CVE-2022-2127.html https://access.redhat.com/security/cve/CVE-2022-2127 https://bugzilla.redhat.com/show_bug.cgi?id=2222791 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BPCSGND7LO467AJGR5DYBGZLTCGTOBCC/https://security.netapp.com/advisory/ntap-20230731-0010/https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OT74M42E6C36W7PQVY3OS4ZM7DVYB64Z/https://www.debian.org/security/2023/dsa-5477 https://access.redhat.com/errata/RHSA-2023:6667 https://access.redhat.com/errata/RHSA-2023:7139 https://access.redhat.com/errata/RHSA-2024:0423 https://access.redhat.com/errata/RHSA-2024:0580 https://lists.debian.org/debian-lts-announce/2024/04/msg00015.html https://www.debian.org/security/2023/dsa-5477 https://nvd.nist.gov

CVE-2022-2127

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect