Ubuntu.comUB:CVE-2022-32746CVE-2022-32746
5.4 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
5.5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:N/I:P/A:P
0.001 Low
EPSS
Percentile
30.6%
A flaw was found in the Samba AD LDAP server. The AD DC database audit
logging module can access LDAP message values freed by a preceding database
module, resulting in a use-after-free issue. This issue is only possible
when modifying certain privileged attributes, such as userAccountControl.
Bugs
- <https://bugzilla.samba.org/show_bug.cgi?id=15009>
- <https://bugzilla.samba.org/show_bug.cgi?id=15096>
- <https://bugzilla.samba.org/show_bug.cgi?id=15109 (tracking bug)>
Notes
| Author | Note |
|---|---|
| mdeslaur | combined patches are in bug 15096 Fixing this in Ubuntu 18.04 LTS would require substantial code backports. We will not be fixing this issue in Ubuntu 18.04 LTS. In environments where this is of concern, we recommend updating to a more recent Ubuntu version, or disabling AD DC database audit logging if this is not passible. |
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| ubuntu | 20.04 | noarch | ldb | < 2:2.2.3-0ubuntu0.20.04.3 | UNKNOWN |
| ubuntu | 22.04 | noarch | ldb | < 2:2.4.4-0ubuntu0.1 | UNKNOWN |
| ubuntu | 14.04 | noarch | ldb | < any | UNKNOWN |
| ubuntu | 16.04 | noarch | ldb | < any | UNKNOWN |
| ubuntu | 20.04 | noarch | samba | < 2:4.13.17~dfsg-0ubuntu1.20.04.1 | UNKNOWN |
| ubuntu | 22.04 | noarch | samba | < 2:4.15.9+dfsg-0ubuntu0.2 | UNKNOWN |
| ubuntu | 22.10 | noarch | samba | < 2:4.16.4+dfsg-2ubuntu1 | UNKNOWN |
| ubuntu | 23.04 | noarch | samba | < 2:4.16.4+dfsg-2ubuntu1 | UNKNOWN |
| ubuntu | 23.10 | noarch | samba | < 2:4.16.4+dfsg-2ubuntu1 | UNKNOWN |
| ubuntu | 14.04 | noarch | samba | < any | UNKNOWN |
Related
5.4 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
5.5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:N/I:P/A:P
0.001 Low
EPSS
Percentile
30.6%