Samba SecuritySAMBA:CVE-2022-32745Samba AD users can crash the server process with an
8.1 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
Description
Due to incorrect values used as the limit for a loop and as the
‘count’ parameter to memcpy(), the server, receiving a specially
crafted message, leaves an array of structures partially
uninitialised, or accesses an arbitrary element beyond the end of an
array.
Outcomes achievable by an attacker include segmentation faults and
corresponding loss of availability. Depending on the contents of the
uninitialised memory, confidentiality may also be affected.
Patch Availability
Patches addressing both these issues have been posted to:
https://www.samba.org/samba/security/
Additionally, Samba 4.16.4, 4.15.9, and 4.14.14 have been issued
as security releases to correct the defect. Samba administrators are
advised to upgrade to these releases or apply the patch as soon
as possible.
CVSSv3 calculation
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L (5.4)
Workaround
None.
Credits
Initial report, patches, and this advisory by Joseph Sutton of
Catalyst and the Samba Team.
== Our Code, Our Bugs, Our Responsibility.
== The Samba Team
Related
8.1 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H