Lucene search

K
mageiaGentoo FoundationMGASA-2022-0299
HistoryAug 26, 2022 - 12:21 a.m.

Updated ldb/samba/sssd packages fix security vulnerability

2022-08-2600:21:07
Gentoo Foundation
advisories.mageia.org
35
updated packages
samba
sssd
ad restrictions bypass
memory leak
arbitrary password change
ldap server crash
use-after-free vulnerability

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

0.043

Percentile

92.4%

Fixed AD restrictions bypass associated with changing passwords (bsc#1201495). (CVE-2022-2031) Fixed a memory leak in SMB1 (bsc#1201496). (CVE-2022-32742) Fixed an arbitrary password change request for any AD user (bsc#1201493). (CVE-2022-32744) Fixed a remote server crash with an LDAP add or modify request (bsc#1201492) (CVE-2022-32745) Fixed a use-after-free occurring in database audit logging (bsc#1201490). (CVE-2022-32746)

OSVersionArchitecturePackageVersionFilename
Mageia8noarchldb< 2.3.4-1ldb-2.3.4-1.mga8
Mageia8noarchsamba< 4.14.14-1samba-4.14.14-1.mga8
Mageia8noarchsssd< 2.4.0-1.4sssd-2.4.0-1.4.mga8

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

0.043

Percentile

92.4%