CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS
Percentile
41.5%
An out-of-bounds read vulnerability was found in Samba due to insufficient
length checks in winbindd_pam_auth_crap.c. When performing NTLM
authentication, the client replies to cryptographic challenges back to the
server. These replies have variable lengths, and Winbind fails to check the
lan manager response length. When Winbind is used for NTLM authentication,
a maliciously crafted request can trigger an out-of-bounds read in Winbind,
possibly resulting in a crash.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 18.04 | noarch | samba | < any | UNKNOWN |
ubuntu | 20.04 | noarch | samba | < 2:4.15.13+dfsg-0ubuntu0.20.04.3 | UNKNOWN |
ubuntu | 22.04 | noarch | samba | < 2:4.15.13+dfsg-0ubuntu1.2 | UNKNOWN |
ubuntu | 22.10 | noarch | samba | < 2:4.16.8+dfsg-0ubuntu1.2 | UNKNOWN |
ubuntu | 23.04 | noarch | samba | < 2:4.17.7+dfsg-1ubuntu1.1 | UNKNOWN |
ubuntu | 23.10 | noarch | samba | < 2:4.18.5+dfsg-1ubuntu1 | UNKNOWN |
ubuntu | 24.04 | noarch | samba | < 2:4.18.5+dfsg-1ubuntu1 | UNKNOWN |
ubuntu | 14.04 | noarch | samba | < any | UNKNOWN |
ubuntu | 16.04 | noarch | samba | < any | UNKNOWN |