Multiple vulnerabilities in Samba
Security Bulletin
This security bulletin contains information about 2 vulnerabilities.
1) Heap-based buffer overflow
EUVDB-ID: #VU68701
Risk: Low
CVSSv4.0: 0.6 [CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-3437
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote user to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error within the GSSAPI unwrap_des() and unwrap_des3() routines of Heimdal. A remote user can send specially crafted data to the application, trigger a heap-based buffer overflow and perform a denial of service (DoS) attack.
Install updates from vendor's website.
Vulnerable software versionsSamba: 4.0.0 - 4.17.1
CPE2.3- cpe:2.3:a:samba:samba:4.0.26:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:4.17.1:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:4.2.14:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:4.3.13:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:4.4.16:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:4.5.16:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:4.6.16:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:4.7.12:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:4.8.12:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:4.9.18:*:*:*:*:*:*:*
https://www.samba.org/samba/security/CVE-2022-3437.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) UNIX symbolic link following
EUVDB-ID: #VU68700
Risk: Medium
CVSSv4.0: 1.2 [CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2022-3592
CWE-ID:
CWE-61 - UNIX Symbolic Link (Symlink) Following
Exploit availability: No
DescriptionThe vulnerability allows a remote user to escalate privileges on the system.
The vulnerability exists due to a symlink following issue. A remote user with access to the exported part of the file system under a share via SMB1 unix extensions or NFS can create symlinks to files outside of the smbd configured share path and access otherwise restricted files on the server.
Install updates from vendor's website.
Vulnerable software versionsSamba: 4.17.0 - 4.17.1
CPE2.3https://www.samba.org/samba/security/CVE-2022-3592.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the local network (LAN).
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
