Lucene search

K
rosalinuxROSA LABROSA-SA-2024-2451
HistoryJul 15, 2024 - 9:04 a.m.

Advisory ROSA-SA-2024-2451

2024-07-1509:04:20
ROSA LAB
abf.rosalinux.ru
15
samba
vulnerabilities
buffer overflow
remote execution
file system
confidentiality
integrity
metadata
dce/rpc
ldap
denial of service
ad dc rpc
vfs module
kdc kpasswd service
authentication procedure

CVSS2

9

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

8.1

Confidence

High

EPSS

0.18

Percentile

96.3%

Software: samba 4.12.3
OS: ROSA Virtualization 2.1

package_evr_string: samba-4.12.3

CVE-ID: CVE-2020-25722
BDU-ID: 2022-00004
CVE-Crit: CRITICAL.
CVE-DESC.: A vulnerability in the Active Directory Domain Controller component of the Samba networking software package is caused by a buffer overflow. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code
CVE-STATUS: Not Current
CVE-REV:

CVE-ID: CVE-2021-20254
BDU-ID: 2021-03130
CVE-Crit: HIGH
CVE-DESC.: A vulnerability in the Samba file system involves reading beyond buffer boundaries. Exploitation of the vulnerability could allow an attacker acting remotely to impact the confidentiality and integrity of protected information
CVE-STATUS: Not relevant
CVE-REV:

CVE-ID: CVE-2021-20316
BDU-ID: None
CVE-Crit: MEDIUM
CVE-DESC.: A vulnerability has been discovered in the way Samba handles file/directory metadata. This vulnerability allows an authenticated attacker with permissions to read or modify share metadata to perform this operation outside of the share.
CVE-STATUS: Not Relevant
CVE-REV:

CVE-ID: CVE-2021-23192
BDU-ID: None
CVE-Crit: HIGH
CVE-DESC.: A bug was discovered in Samba’s implementation of DCE/RPC. If a client on a Samba server sent a very large DCE/RPC request and decided to fragment it, an attacker could replace subsequent fragments with their own data, bypassing the signature requirements.
CVE-STATUS: Not relevant
CVE-REV:

CVE-ID: CVE-2021-3670
BDU-ID: None
CVE-Crit: MEDIUM
CVE-DESC.: MaxQueryDuration is not considered in Samba AD DC LDAP
CVE-STATUS: Not Relevant
CVE-REV:

CVE-ID: CVE-2021-3671
BDU-ID: 2022-06245
CVE-Crit: MEDIUM
CVE-DESC.: A vulnerability in the Samba networking software package is related to pointer dereferencing errors. Exploitation of the vulnerability allows an attacker acting remotely to cause a denial of service
CVE-STATUS: Not Current
CVE-REV:

CVE-ID: CVE-2021-3738
BDU-ID: 2021-06224
CVE-Crit: HIGH
CVE-DESC.: A vulnerability in the AD DC RPC server service of the samba software is related to the use of memory after it has been freed. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service or escalate their privileges
CVE-STATUS: Not Current
CVE-REV:

CVE-ID: CVE-2021-44141
BDU-ID: 2022-00685
CVE-Crit: MEDIUM
CVE-DESC.: A vulnerability in the Samba network file system involves incorrectly identifying a reference before accessing a file. Exploitation of the vulnerability could allow an attacker acting remotely to gain access to sensitive information by creating a symbolic link
CVE-STATUS: Not Current
CVE-REV:

CVE-ID: CVE-2021-44142
BDU-ID: 2022-00579
CVE-Crit: HIGH
CVE-DESC.: A vulnerability in the VFS module vfs_fruit of the Samba networking software package is related to writing beyond buffer boundaries in memory. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code
CVE-STATUS: Not relevant
CVE-REV:

CVE-ID: CVE-2022-0336
BDU-ID: 2022-00684
CVE-Crit: MEDIUM
CVE-DESC.: A vulnerability in the Samba network file system is related to insufficient data authentication. Exploitation of the vulnerability could allow an attacker to cause a denial of service condition
CVE-STATUS: Not Current
CVE-REV:

CVE-ID: CVE-2022-2031
BDU-ID: 2022-05290
CVE-Crit: MEDIUM
CVE-DESC.: A vulnerability in the KDC kpasswd service of the Samba networking software suite is related to flaws in the authentication procedure. Exploitation of the vulnerability could allow an attacker acting remotely to escalate privileges on the system
CVE-STATUS: Not Current
CVE-REV:

CVE-ID: CVE-2022-32744
BDU-ID: 2022-04687
CVE-Crit: HIGH
CVE-DESC.: A vulnerability in the Samba network file system involves errors in the authentication procedure. Exploitation of the vulnerability could allow an attacker acting remotely to change the password of an arbitrary user and gain full access to the account
CVE-STATUS: Not Current
CVE-REV:

CVE-ID: CVE-2022-32746
BDU-ID: 2022-04911
CVE-Crit: MEDIUM
CVE-DESC.: A vulnerability in the ActiveDirectory/DC database audit logging module of the Samba networking software package is related to memory usage after it has been freed. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service
CVE-STATUS: Not Current
CVE-REV:

CVE-ID: CVE-2022-3437
BDU-ID: 2022-06493
CVE-Crit: MEDIUM
CVE-DESC.: A vulnerability in the unwrap_des() and unwrap_des3() functions of the Heimdal package GSSAPI library of the Samba networking program is related to a stack-based buffer overflow. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service
CVE-STATUS: Not Relevant
CVE-REV:

CVE-ID: CVE-2022-42898
BDU-ID: 2022-06933
CVE-Crit: MEDIUM
CVE-DESC.: A vulnerability in the PAC (Privileged Attribute Certificate) parameters of the krb5_parse_pac function of the Heimdal and MIT Kerberos packets of the Samba networking program is related to a stack-based buffer overflow. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service
CVE-STATUS: Not Relevant
CVE-REV:

CVE-ID: CVE-2022-45141
BDU-ID: 2023-00022
CVE-Crit: HIGH
CVE-DESC.: A vulnerability in the Heimdal Kerberos protocol implementation of the Samba networking software suite is related to the use of the RC4-HMAC cryptographic algorithm. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code
CVE-STATUS: Not Current
CVE-REV:

CVE-ID: CVE-2023-0614
BDU-ID: 2023-02012
CVE-Crit: MEDIUM
CVE-DESC.: A vulnerability in the Samba networking software package is related to a lack of service data protection. Exploitation of the vulnerability could allow an attacker acting remotely to disclose protected information
CVE-STATUS: Not Current
CVE-REV:

CVE-ID: CVE-2023-0922
BDU-ID: 2023-02011
CVE-Crit: MEDIUM
CVE-DESC.: A vulnerability in the samba-tool utility of the Samba networking software suite is related to the transmission of credentials in unencrypted form when working with an LDAP server. Exploitation of the vulnerability could allow an attacker acting remotely to gain unauthorized access to the device
CVE-STATUS: Not Applicable
CVE-REV:

OSVersionArchitecturePackageVersionFilename
ROSAanynoarchsamba< 4.12.3UNKNOWN

CVSS2

9

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

8.1

Confidence

High

EPSS

0.18

Percentile

96.3%