Lucene search

AmazonALAS-2022-1642

HistoryDec 01, 2022 - 5:33 p.m.

Important: samba

2022-12-0117:33:00

alas.aws.amazon.com

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

9 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

0.039 Low

EPSS

Percentile

91.9%

JSON

Issue Overview:

It was found that the Kerberos Key Distribution Center (KDC) delegation feature, Service for User (S4U), did not sufficiently protect the tickets it’s providing from tempering. A malicious, authenticated service principal allowed to delegate could use this flaw to impersonate a non-forwardable user. (CVE-2020-17049)

A flaw was found in Samba. Some SMB1 write requests were not correctly range-checked to ensure the client had sent enough data to fulfill the write, allowing server memory contents to be written into the file (or printer) instead of client-supplied data. The client cannot control the area of the server memory written to the file (or printer). (CVE-2022-32742)

A flaw was found in Samba. The KDC accepts kpasswd requests encrypted with any key known to it. By encrypting forged kpasswd requests with its own key, a user can change other users’ passwords, enabling full domain takeover. (CVE-2022-32744)

A flaw was found in Samba. Samba AD users can cause the server to access uninitialized data with an LDAP add or modify the request, usually resulting in a segmentation fault. (CVE-2022-32745)

A flaw was found in the Samba AD LDAP server. The AD DC database audit logging module can access LDAP message values freed by a preceding database module, resulting in a use-after-free issue. This issue is only possible when modifying certain privileged attributes, such as userAccountControl. (CVE-2022-32746)

Affected Packages:

samba

Issue Correction:
Run yum update samba to update your system.

New Packages:

i686:  
    samba-devel-4.10.16-20.62.amzn1.i686  
    samba-common-libs-4.10.16-20.62.amzn1.i686  
    libwbclient-4.10.16-20.62.amzn1.i686  
    samba-winbind-clients-4.10.16-20.62.amzn1.i686  
    samba-python-4.10.16-20.62.amzn1.i686  
    samba-debuginfo-4.10.16-20.62.amzn1.i686  
    samba-client-libs-4.10.16-20.62.amzn1.i686  
    samba-test-4.10.16-20.62.amzn1.i686  
    libsmbclient-devel-4.10.16-20.62.amzn1.i686  
    samba-winbind-modules-4.10.16-20.62.amzn1.i686  
    samba-winbind-krb5-locator-4.10.16-20.62.amzn1.i686  
    ctdb-tests-4.10.16-20.62.amzn1.i686  
    samba-python-test-4.10.16-20.62.amzn1.i686  
    samba-common-tools-4.10.16-20.62.amzn1.i686  
    libwbclient-devel-4.10.16-20.62.amzn1.i686  
    samba-libs-4.10.16-20.62.amzn1.i686  
    samba-test-libs-4.10.16-20.62.amzn1.i686  
    ctdb-4.10.16-20.62.amzn1.i686  
    libsmbclient-4.10.16-20.62.amzn1.i686  
    samba-krb5-printing-4.10.16-20.62.amzn1.i686  
    samba-winbind-4.10.16-20.62.amzn1.i686  
    samba-4.10.16-20.62.amzn1.i686  
    samba-client-4.10.16-20.62.amzn1.i686  
  
noarch:  
    samba-pidl-4.10.16-20.62.amzn1.noarch  
    samba-common-4.10.16-20.62.amzn1.noarch  
  
src:  
    samba-4.10.16-20.62.amzn1.src  
  
x86_64:  
    libsmbclient-devel-4.10.16-20.62.amzn1.x86_64  
    samba-test-libs-4.10.16-20.62.amzn1.x86_64  
    libwbclient-devel-4.10.16-20.62.amzn1.x86_64  
    samba-python-4.10.16-20.62.amzn1.x86_64  
    ctdb-4.10.16-20.62.amzn1.x86_64  
    samba-4.10.16-20.62.amzn1.x86_64  
    libwbclient-4.10.16-20.62.amzn1.x86_64  
    samba-client-4.10.16-20.62.amzn1.x86_64  
    samba-krb5-printing-4.10.16-20.62.amzn1.x86_64  
    samba-winbind-modules-4.10.16-20.62.amzn1.x86_64  
    samba-winbind-krb5-locator-4.10.16-20.62.amzn1.x86_64  
    samba-devel-4.10.16-20.62.amzn1.x86_64  
    samba-winbind-clients-4.10.16-20.62.amzn1.x86_64  
    ctdb-tests-4.10.16-20.62.amzn1.x86_64  
    samba-python-test-4.10.16-20.62.amzn1.x86_64  
    samba-libs-4.10.16-20.62.amzn1.x86_64  
    samba-test-4.10.16-20.62.amzn1.x86_64  
    samba-common-tools-4.10.16-20.62.amzn1.x86_64  
    samba-winbind-4.10.16-20.62.amzn1.x86_64  
    samba-debuginfo-4.10.16-20.62.amzn1.x86_64  
    libsmbclient-4.10.16-20.62.amzn1.x86_64  
    samba-common-libs-4.10.16-20.62.amzn1.x86_64  
    samba-client-libs-4.10.16-20.62.amzn1.x86_64

Additional References

Red Hat: CVE-2020-17049, CVE-2022-32742, CVE-2022-32744, CVE-2022-32745, CVE-2022-32746

Mitre: CVE-2020-17049, CVE-2022-32742, CVE-2022-32744, CVE-2022-32745, CVE-2022-32746

OSVersionArchitecturePackageVersionFilename
Amazon Linux1i686samba-devel< 4.10.16-20.62.amzn1samba-devel-4.10.16-20.62.amzn1.i686.rpm
Amazon Linux1i686samba-common-libs< 4.10.16-20.62.amzn1samba-common-libs-4.10.16-20.62.amzn1.i686.rpm
Amazon Linux1i686libwbclient< 4.10.16-20.62.amzn1libwbclient-4.10.16-20.62.amzn1.i686.rpm
Amazon Linux1i686samba-winbind-clients< 4.10.16-20.62.amzn1samba-winbind-clients-4.10.16-20.62.amzn1.i686.rpm
Amazon Linux1i686samba-python< 4.10.16-20.62.amzn1samba-python-4.10.16-20.62.amzn1.i686.rpm
Amazon Linux1i686samba-debuginfo< 4.10.16-20.62.amzn1samba-debuginfo-4.10.16-20.62.amzn1.i686.rpm
Amazon Linux1i686samba-client-libs< 4.10.16-20.62.amzn1samba-client-libs-4.10.16-20.62.amzn1.i686.rpm
Amazon Linux1i686samba-test< 4.10.16-20.62.amzn1samba-test-4.10.16-20.62.amzn1.i686.rpm
Amazon Linux1i686libsmbclient-devel< 4.10.16-20.62.amzn1libsmbclient-devel-4.10.16-20.62.amzn1.i686.rpm
Amazon Linux1i686samba-winbind-modules< 4.10.16-20.62.amzn1samba-winbind-modules-4.10.16-20.62.amzn1.i686.rpm

OS	Version	Architecture	Package	Version	Filename
Amazon Linux	1	i686	samba-devel	< 4.10.16-20.62.amzn1	samba-devel-4.10.16-20.62.amzn1.i686.rpm
Amazon Linux	1	i686	samba-common-libs	< 4.10.16-20.62.amzn1	samba-common-libs-4.10.16-20.62.amzn1.i686.rpm
Amazon Linux	1	i686	libwbclient	< 4.10.16-20.62.amzn1	libwbclient-4.10.16-20.62.amzn1.i686.rpm
Amazon Linux	1	i686	samba-winbind-clients	< 4.10.16-20.62.amzn1	samba-winbind-clients-4.10.16-20.62.amzn1.i686.rpm
Amazon Linux	1	i686	samba-python	< 4.10.16-20.62.amzn1	samba-python-4.10.16-20.62.amzn1.i686.rpm
Amazon Linux	1	i686	samba-debuginfo	< 4.10.16-20.62.amzn1	samba-debuginfo-4.10.16-20.62.amzn1.i686.rpm
Amazon Linux	1	i686	samba-client-libs	< 4.10.16-20.62.amzn1	samba-client-libs-4.10.16-20.62.amzn1.i686.rpm
Amazon Linux	1	i686	samba-test	< 4.10.16-20.62.amzn1	samba-test-4.10.16-20.62.amzn1.i686.rpm
Amazon Linux	1	i686	libsmbclient-devel	< 4.10.16-20.62.amzn1	libsmbclient-devel-4.10.16-20.62.amzn1.i686.rpm
Amazon Linux	1	i686	samba-winbind-modules	< 4.10.16-20.62.amzn1	samba-winbind-modules-4.10.16-20.62.amzn1.i686.rpm