FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

samba -- Multiple vulnerabilities

Affected packages
samba412 < 4.12.16
samba413 < 4.13.17_2

Details

VuXML ID f9140ad4-4920-11ed-a07e-080027f5fec9
Discovery 2022-07-27
Entry 2022-10-11

The Samba Team reports:

CVE-2022-2031
The KDC and the kpasswd service share a single account and set of keys, allowing them to decrypt each other's tickets. A user who has been requested to change their password can exploit this to obtain and use tickets to other services.
CVE-2022-32744
The KDC accepts kpasswd requests encrypted with any key known to it. By encrypting forged kpasswd requests with its own key, a user can change the passwords of other users, enabling full domain takeover.
CVE-2022-32745
Samba AD users can cause the server to access uninitialised data with an LDAP add or modify request, usually resulting in a segmentation fault.
CVE-2022-32746
The AD DC database audit logging module can be made to access LDAP message values that have been freed by a preceding database module, resulting in a use-after-free. This is only possible when modifying certain privileged attributes, such as userAccountControl.
CVE-2022-32742
An SMB1 client with write access to a share can cause server memory contents to be written into a file or printer.

References

CVE Name CVE-2022-2031
CVE Name CVE-2022-32742
CVE Name CVE-2022-32744
CVE Name CVE-2022-32745
CVE Name CVE-2022-32746
URL https://lists.samba.org/archive/samba-announce/2022/000609.html
URL https://www.samba.org/samba/security/CVE-2022-2031.html
URL https://www.samba.org/samba/security/CVE-2022-32742.html
URL https://www.samba.org/samba/security/CVE-2022-32744.html
URL https://www.samba.org/samba/security/CVE-2022-32745.html
URL https://www.samba.org/samba/security/CVE-2022-32746.html