SB2022102524 - Multiple vulnerabilities in Samba

Description

This security bulletin contains information about 2 secuirty vulnerabilities.

1) Heap-based buffer overflow (CVE-ID: CVE-2022-3437)

The vulnerability allows a remote user to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error within the GSSAPI unwrap_des() and unwrap_des3() routines of Heimdal. A remote user can send specially crafted data to the application, trigger a heap-based buffer overflow and perform a denial of service (DoS) attack.

2) UNIX symbolic link following (CVE-ID: CVE-2022-3592)

The vulnerability allows a remote user to escalate privileges on the system.

The vulnerability exists due to a symlink following issue. A remote user with access to the exported part of the file system under a share via SMB1 unix extensions or NFS can create symlinks to files outside of the smbd configured share path and access otherwise restricted files on the server. 

Remediation

Install update from vendor's website.

References

• https://www.samba.org/samba/security/CVE-2022-3437.html
• https://www.samba.org/samba/security/CVE-2022-3592.html