openEuler 22.03 LTS SP1 update for samba

1) Permissions, Privileges, and Access Controls

EUVDB-ID: #VU69094

Risk: High

CVSSv4.0: 7.2 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2022-37966

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a remote attacker to escalate privileges on the system.

The vulnerability exists due to application does not properly impose security restrictions in Windows Kerberos RC4-HMAC. A remote attacker can conduct a man-in-middle (MiTM) attack, which leads to security restrictions bypass and privilege escalation.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

samba-vfs-glusterfs: before 4.17.2-5

samba-pidl: before 4.17.2-5

python3-samba-test: before 4.17.2-5

samba-winbind: before 4.17.2-5

libsmbclient-devel: before 4.17.2-5

samba-winbind-krb5-locator: before 4.17.2-5

samba-client: before 4.17.2-5

libwbclient-devel: before 4.17.2-5

samba-dc-provision: before 4.17.2-5

samba-libs: before 4.17.2-5

ctdb: before 4.17.2-5

samba-help: before 4.17.2-5

samba-debuginfo: before 4.17.2-5

samba-dc-bind-dlz: before 4.17.2-5

samba-common-tools: before 4.17.2-5

python3-samba: before 4.17.2-5

samba-common: before 4.17.2-5

samba-winbind-clients: before 4.17.2-5

samba-devel: before 4.17.2-5

samba-krb5-printing: before 4.17.2-5

samba-test: before 4.17.2-5

samba-debugsource: before 4.17.2-5

samba-dc: before 4.17.2-5

python3-samba-dc: before 4.17.2-5

samba-usershares: before 4.17.2-5

samba-winbind-modules: before 4.17.2-5

libwbclient: before 4.17.2-5

libsmbclient: before 4.17.2-5

samba: before 4.17.2-5

CPE2.3

• cpe:2.3:o:openeuler:openeuler:22.03:LTS SP1:*:*:*:*:*:*
• cpe:2.3:o:openeuler:samba-vfs-glusterfs:*:*:*:*:*:openeuler:*:*
• cpe:2.3:o:openeuler:samba-pidl:*:*:*:*:*:openeuler:*:*
• cpe:2.3:o:openeuler:python3-samba-test:*:*:*:*:*:openeuler:*:*
• cpe:2.3:o:openeuler:samba-winbind:*:*:*:*:*:openeuler:*:*
• cpe:2.3:o:openeuler:libsmbclient-devel:*:*:*:*:*:openeuler:*:*
• cpe:2.3:o:openeuler:samba-winbind-krb5-locator:*:*:*:*:*:openeuler:*:*
• cpe:2.3:o:openeuler:samba-client:*:*:*:*:*:openeuler:*:*
• cpe:2.3:o:openeuler:libwbclient-devel:*:*:*:*:*:openeuler:*:*
• cpe:2.3:o:openeuler:samba-dc-provision:*:*:*:*:*:openeuler:*:*
• cpe:2.3:o:openeuler:samba-libs:*:*:*:*:*:openeuler:*:*
• cpe:2.3:o:openeuler:ctdb:*:*:*:*:*:openeuler:*:*
• cpe:2.3:o:openeuler:samba-help:*:*:*:*:*:openeuler:*:*
• cpe:2.3:o:openeuler:samba-debuginfo:*:*:*:*:*:openeuler:*:*
• cpe:2.3:o:openeuler:samba-dc-bind-dlz:*:*:*:*:*:openeuler:*:*
• cpe:2.3:o:openeuler:samba-common-tools:*:*:*:*:*:openeuler:*:*
• cpe:2.3:o:openeuler:python3-samba:*:*:*:*:*:openeuler:*:*
• cpe:2.3:o:openeuler:samba-common:*:*:*:*:*:openeuler:*:*
• cpe:2.3:o:openeuler:samba-winbind-clients:*:*:*:*:*:openeuler:*:*
• cpe:2.3:o:openeuler:samba-devel:*:*:*:*:*:openeuler:*:*
• cpe:2.3:o:openeuler:samba-krb5-printing:*:*:*:*:*:openeuler:*:*
• cpe:2.3:o:openeuler:samba-test:*:*:*:*:*:openeuler:*:*
• cpe:2.3:o:openeuler:samba-debugsource:*:*:*:*:*:openeuler:*:*
• cpe:2.3:o:openeuler:samba-dc:*:*:*:*:*:openeuler:*:*
• cpe:2.3:o:openeuler:python3-samba-dc:*:*:*:*:*:openeuler:*:*
• cpe:2.3:o:openeuler:samba-usershares:*:*:*:*:*:openeuler:*:*
• cpe:2.3:o:openeuler:samba-winbind-modules:*:*:*:*:*:openeuler:*:*
• cpe:2.3:o:openeuler:libwbclient:*:*:*:*:*:openeuler:*:*
• cpe:2.3:o:openeuler:libsmbclient:*:*:*:*:*:openeuler:*:*
• cpe:2.3:o:openeuler:samba:*:*:*:*:*:openeuler:*:*

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2023-1019

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.