Lucene search

HistoryMar 04, 2024 - 12:00 a.m.

openSUSE: Security Advisory for ldb, samba (SUSE-SU-2022:2586-2)

2024-03-0400:00:00

plugins.openvas.org

ldb

samba

cve-2022-32746

cve-2022-32745

cve-2022-2031

cve-2022-32742

cve-2022-32744

database audit

ldap

ad restrictions

smb1

memory leak

password change

vfs

bind 9.18

dsdb audit

vfs_shadowcopy2

netgroups

waf

smbclient commands

ldconfig

upns

kerberos tickets

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.1 High

AI Score

Confidence

Low

6.5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

0.038 Low

EPSS

Percentile

91.8%

JSON

The remote host is missing an update for the

# SPDX-FileCopyrightText: 2024 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only

if(description)
{
  script_oid("1.3.6.1.4.1.25623.1.0.833057");
  script_version("2024-04-16T05:05:31+0000");
  script_cve_id("CVE-2022-2031", "CVE-2022-32742", "CVE-2022-32744", "CVE-2022-32745", "CVE-2022-32746");
  script_tag(name:"cvss_base", value:"9.0");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:S/C:C/I:C/A:C");
  script_tag(name:"last_modification", value:"2024-04-16 05:05:31 +0000 (Tue, 16 Apr 2024)");
  script_tag(name:"severity_vector", value:"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
  script_tag(name:"severity_origin", value:"NVD");
  script_tag(name:"severity_date", value:"2022-08-29 18:09:32 +0000 (Mon, 29 Aug 2022)");
  script_tag(name:"creation_date", value:"2024-03-04 07:24:43 +0000 (Mon, 04 Mar 2024)");
  script_name("openSUSE: Security Advisory for ldb, samba (SUSE-SU-2022:2586-2)");
  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (C) 2024 Greenbone AG");
  script_family("SuSE Local Security Checks");
  script_dependencies("gather-package-list.nasl");
  script_mandatory_keys("ssh/login/suse", "ssh/login/rpms", re:"ssh/login/release=openSUSELeapMicro5\.2");

  script_xref(name:"Advisory-ID", value:"SUSE-SU-2022:2586-2");
  script_xref(name:"URL", value:"https://lists.opensuse.org/archives/list/[email protected]/thread/OKGAW3GYI4KMSNAVGAHC4I662SNKLHCC");

  script_tag(name:"summary", value:"The remote host is missing an update for the 'ldb, samba'
  package(s) announced via the SUSE-SU-2022:2586-2 advisory.");

  script_tag(name:"vuldetect", value:"Checks if a vulnerable package version is present on the target host.");

  script_tag(name:"insight", value:"This update for ldb, samba fixes the following issues:

  - CVE-2022-32746: Fixed a use-after-free occurring in database audit
       logging (bsc#1201490).

  - CVE-2022-32745: Fixed a remote server crash with an LDAP add or modify
       request (bsc#1201492).

  - CVE-2022-2031: Fixed AD restrictions bypass associated with changing
       passwords (bsc#1201495).

  - CVE-2022-32742: Fixed a memory leak in SMB1 (bsc#1201496).

  - CVE-2022-32744: Fixed an arbitrary password change request for any AD
       user (bsc#1201493).
  The following security bugs were fixed:
  samba was updated to 4.15.8:

  * Use pathref fd instead of io fd in vfs_default_durable_cookie
       (bso#15042)

  * Setting fruit:resource = stream in vfs_fruit causes a panic  (bso#15099)

  * Add support for bind 9.18  (bso#14986)

  * logging dsdb audit to specific files does not work  (bso#15076)

  * vfs_gpfs with vfs_shadowcopy2 fail to restore file if original file had
       been deleted  (bso#15069)

  * netgroups support removed  (bso#15087)  (bsc#1199247)

  * net ads info shows LDAP Server: 0.0.0.0 depending on contacted server
       (bso#14674)  (bsc#1199734)

  * waf produces incorrect names for python extensions with Python 3.11
       (bso#15071)

  * smbclient commands del &amp  deltree fail with
       NT_STATUS_OBJECT_PATH_NOT_FOUND with DFS  (bso#15100)  (bsc#1200556)

  * vfs_gpfs recalls=no option prevents listing files  (bso#15055)

  * waf produces incorrect names for python extensions with Python 3.11
       (bso#15071)

  * Compile error in source3/utils/regedit_hexedit.c  (bso#15091)

  * ldconfig: /lib64/libsmbconf.so.0 is not a symbolic link  (bso#15108)

  * smbd doesn't handle UPNs for looking up names  (bso#15054)

  * Out-by-4 error in smbd read reply max_send clamp  (bso#14443)

  - Move pdb backends from package samba-libs to package samba-client-libs
       and remove samba-libs requirement from samba-winbind  (bsc#1200964)
       (bsc#1198255)

  - Use the canonical realm name to refresh the Kerberos tickets
       (bsc#1196224)  (bso#14979)

  - Fix  smbclient commands del &amp  deltree failing with
       NT_STATUS_OBJECT_PATH_NOT_FOUND with DFS  (bso#15100)  (bsc#1200556).
  ldb was updated to version 2.4.3

  * Fix build problems, waf produces incorrect names for python extensions
       (bso#15071)");

  script_tag(name:"affected", value:"'ldb, samba' package(s) on openSUSE Leap Micro 5.2.");

  script_tag(name:"solution", value:"Please install the updated package(s).");

  script_tag(name:"solution_type", value:"VendorFix");
  script_tag(name:"qod_type", value:"package");

  exit(0);
}

include("revisions-lib.inc");
include("pkg-lib-rpm.inc");

release = rpm_get_ssh_release();
if(!release)
  exit(0);

res = "";
report = "";

if(release == "openSUSELeapMicro5.2") {

  if(!isnull(res = isrpmvuln(pkg:"ldb-debugsource", rpm:"ldb-debugsource~2.4.3~150300.3.20.1", rls:"openSUSELeapMicro5.2"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"libldb2", rpm:"libldb2~2.4.3~150300.3.20.1", rls:"openSUSELeapMicro5.2"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"libldb2-debuginfo", rpm:"libldb2-debuginfo~2.4.3~150300.3.20.1", rls:"openSUSELeapMicro5.2"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"samba-client-libs", rpm:"samba-client-libs~4.15.8+git.500.d5910280cc7~150300.3.37.1", rls:"openSUSELeapMicro5.2"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"samba-client-libs-debuginfo", rpm:"samba-client-libs-debuginfo~4.15.8+git.500.d5910280cc7~150300.3.37.1", rls:"openSUSELeapMicro5.2"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"samba-debuginfo", rpm:"samba-debuginfo~4.15.8+git.500.d5910280cc7~150300.3.37.1", rls:"openSUSELeapMicro5.2"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"samba-debugsource", rpm:"samba-debugsource~4.15.8+git.500.d5910280cc7~150300.3.37.1", rls:"openSUSELeapMicro5.2"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"ldb-debugsource", rpm:"ldb-debugsource~2.4.3~150300.3.20.1", rls:"openSUSELeapMicro5.2"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"libldb2", rpm:"libldb2~2.4.3~150300.3.20.1", rls:"openSUSELeapMicro5.2"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"libldb2-debuginfo", rpm:"libldb2-debuginfo~2.4.3~150300.3.20.1", rls:"openSUSELeapMicro5.2"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"samba-client-libs", rpm:"samba-client-libs~4.15.8+git.500.d5910280cc7~150300.3.37.1", rls:"openSUSELeapMicro5.2"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"samba-client-libs-debuginfo", rpm:"samba-client-libs-debuginfo~4.15.8+git.500.d5910280cc7~150300.3.37.1", rls:"openSUSELeapMicro5.2"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"samba-debuginfo", rpm:"samba-debuginfo~4.15.8+git.500.d5910280cc7~150300.3.37.1", rls:"openSUSELeapMicro5.2"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"samba-debugsource", rpm:"samba-debugsource~4.15.8+git.500.d5910280cc7~150300.3.37.1", rls:"openSUSELeapMicro5.2"))) {
    report += res;
  }

  if(report != "") {
    security_message(data:report);
  } else if(__pkg_match) {
    exit(99);
  }
  exit(0);
}

exit(0);